diff --git a/jsconfig.json b/jsconfig.json
index d1365282c..b50f8e19f 100644
--- a/jsconfig.json
+++ b/jsconfig.json
@@ -10,6 +10,8 @@
     "sourceMap": true,
     "strict": false,
     "moduleResolution": "bundler",
+    "noUncheckedIndexedAccess": true,
+    "strictNullChecks": true,
     "types": ["@testing-library/jest-dom"]
   },
   // Path aliases are handled by https://kit.svelte.dev/docs/configuration#alias and https://kit.svelte.dev/docs/configuration#files
diff --git a/src/addons/AddOnPin.svelte b/src/addons/AddOnPin.svelte
index aed8124e0..8e4125dc4 100644
--- a/src/addons/AddOnPin.svelte
+++ b/src/addons/AddOnPin.svelte
@@ -19,6 +19,10 @@
     event.preventDefault();
 
     const csrftoken = getCsrfToken();
+    if (!csrftoken) {
+      console.error("No CSRF token found");
+      return;
+    }
     const options: RequestInit = {
       credentials: "include",
       method: "PATCH", // this component can only update whether an addon is active or not
diff --git a/src/addons/types.ts b/src/addons/types.ts
index 86ed8cf9e..b7cbbc78a 100644
--- a/src/addons/types.ts
+++ b/src/addons/types.ts
@@ -60,8 +60,8 @@ interface AddOnParameters {
 // https://api.www.documentcloud.org/api/addons/
 export interface AddOnListItem {
   id: number;
-  user: number;
-  organization: number;
+  user: null | number;
+  organization: null | number;
   access: "public" | "private";
   name: string;
   repository: string;
diff --git a/src/api/session.ts b/src/api/session.ts
index 3ed07a6e6..97c4da24e 100644
--- a/src/api/session.ts
+++ b/src/api/session.ts
@@ -25,7 +25,7 @@ export function getCsrfToken() {
       ?.split(";")
       ?.map((c) => c.split("="))
       // in case there's spaces in the cookie string, trim the key
-      ?.find(([k, v]) => k.trim() === CSRF_COOKIE_NAME) ?? [];
+      ?.find(([k, v]) => k?.trim() === CSRF_COOKIE_NAME) ?? [];
 
   return token;
 }
diff --git a/src/api/types/project.ts b/src/api/types/project.ts
index 08af727dd..41eedc08f 100644
--- a/src/api/types/project.ts
+++ b/src/api/types/project.ts
@@ -7,7 +7,7 @@ export interface Project {
   private: boolean;
   created_at: string;
   updated_at: string;
-  edit_access: boolean;
-  add_remove_access: boolean;
+  edit_access: null | boolean;
+  add_remove_access: null | boolean;
   pinned?: boolean;
 }
diff --git a/src/common/Button.svelte b/src/common/Button.svelte
index ae60e78e6..f61074197 100644
--- a/src/common/Button.svelte
+++ b/src/common/Button.svelte
@@ -23,7 +23,7 @@
   export let type: "submit" | "reset" | "button" = "submit";
   export let label = "Submit";
 
-  export let disabledReason = null;
+  export let disabledReason = "";
 </script>
 
 <Tooltip caption={disabledReason}>
diff --git a/src/common/RelativeTime.svelte b/src/common/RelativeTime.svelte
index 182e1e68f..2a8feafdb 100644
--- a/src/common/RelativeTime.svelte
+++ b/src/common/RelativeTime.svelte
@@ -3,7 +3,7 @@
 
   export let date: Date;
 
-  const relativeFormatter = new Intl.RelativeTimeFormat($locale, {
+  const relativeFormatter = new Intl.RelativeTimeFormat($locale ?? "en", {
     style: "long",
   });
 
@@ -24,23 +24,30 @@
 
   function formatTimeAgo(date: Date): string {
     let duration = (date.getTime() - new Date().getTime()) / 1000;
+    let formatted: string = "";
 
     for (let i = 0; i < DIVISIONS.length; i++) {
-      const division = DIVISIONS[i];
+      const division = DIVISIONS[i]!;
       if (Math.abs(duration) < division.amount) {
-        return relativeFormatter.format(Math.round(duration), division.name);
+        formatted = relativeFormatter.format(
+          Math.round(duration),
+          division.name,
+        );
+        break;
       }
       duration /= division.amount;
     }
+
+    return formatted;
   }
 </script>
 
+<time datetime={date.toISOString()} title={date.toISOString()}>
+  {formatTimeAgo(date)}
+</time>
+
 <style>
   time {
     cursor: default;
   }
 </style>
-
-<time datetime={date.toISOString()} title={date.toISOString()}>
-  {formatTimeAgo(date)}
-</time>
diff --git a/src/langs/json/en.json b/src/langs/json/en.json
index 70a439bea..41c05a019 100644
--- a/src/langs/json/en.json
+++ b/src/langs/json/en.json
@@ -1046,7 +1046,8 @@
       "memberMessage": "This Premium Add-On uses AI to perform advanced analysis. Contact your organization admin about upgrading your plan."
     },
     "dispatch": "Dispatch",
-    "history": "History"
+    "history": "History",
+    "noHistory": "You have not run this add-on before"
   },
   "addonBrowserDialog": {
     "title": "Browse Add-Ons",
@@ -1108,6 +1109,7 @@
   "mailkey": {
     "title": "Upload via email",
     "description": "<p>You can upload documents to your account by sending them to to a special email address as attachments.</p><p><strong>For security reasons, this email is only shown to you once. Please copy it to a secure location.</strong></p><p>This address will accept attachments from any email account. Documents are uploaded as private. Generating a new upload address will disable any previously created addresses.</p><p>We’d love your feedback and to hear about creative use cases at <a href=\"mailto:info@documentcloud.org\" target=\"_blank\">info@documentcloud.org</a>.</p>",
+    "missing_csrf": "Missing CSRF token",
     "create": {
       "button": "Create new email address",
       "success": "<strong>Upload email address succesfully created</strong>:<br> <a href=\"mailto:{mailkey}@uploads.documentcloud.org\" target=\"_blank\">{mailkey}@uploads.documentcloud.org</a>",
@@ -1142,6 +1144,7 @@
   "processing": {
     "addons": "Add-Ons",
     "documents": "Documents",
+    "unknown": "Unknown",
     "totalCount": "{n} active {n, plural, one {process} other {processes}}"
   },
   "feedback": {
diff --git a/src/lib/api/addons.ts b/src/lib/api/addons.ts
index e0f458301..4eaaaed98 100644
--- a/src/lib/api/addons.ts
+++ b/src/lib/api/addons.ts
@@ -69,10 +69,11 @@ export async function getAddon(
   const repository = [owner, repo].join("/");
   const { data: addons, error } = await getAddons({ repository }, fetch);
   // there should only be one result, if the addon exists
-  if (error || addons.results.length < 1) {
+
+  if (error || !addons || addons.results.length < 1) {
     return null;
   }
-  return addons.results[0];
+  return addons.results[0] ?? null;
 }
 
 export async function getEvent(
@@ -298,17 +299,15 @@ export function buildPayload(
   const payload: AddOnPayload = { addon: addon.id, parameters };
 
   const selection = formData.get("selection");
+  const documents = formData.get("documents");
+  const query = formData.get("query");
 
-  if (selection === "selected") {
-    payload.documents = formData
-      .get("documents")
-      .toString()
-      .split(",")
-      .map(Number);
+  if (selection === "selected" && documents) {
+    payload.documents = documents.toString().split(",").map(Number);
   }
 
-  if (selection === "query") {
-    payload.query = formData.get("query").toString();
+  if (selection === "query" && query) {
+    payload.query = query.toString();
   }
 
   if (formData.has("event")) {
diff --git a/src/lib/api/documents.ts b/src/lib/api/documents.ts
index a83049c18..34e004dc8 100644
--- a/src/lib/api/documents.ts
+++ b/src/lib/api/documents.ts
@@ -252,7 +252,7 @@ export async function process(
   }[],
   csrf_token: string,
   fetch = globalThis.fetch,
-): Promise<APIResponse<"OK", unknown>> {
+): Promise<APIResponse<null, unknown>> {
   const endpoint = new URL("documents/process/", BASE_API_URL);
 
   const resp = await fetch(endpoint, {
@@ -561,9 +561,9 @@ export function pageFromHash(hash: string): Nullable<number> {
   const re = /^#document\/p(\d+)/; // match pages and notes
   const match = re.exec(hash);
 
-  if (!match) return null;
+  if (!match || !match[1]) return null;
 
-  return +match[1] || null;
+  return +match[1];
 }
 
 /**
diff --git a/src/lib/api/notes.ts b/src/lib/api/notes.ts
index 9635f37d5..0c9062b08 100644
--- a/src/lib/api/notes.ts
+++ b/src/lib/api/notes.ts
@@ -4,6 +4,8 @@ import type {
   Document,
   Note,
   NoteResults,
+  Nullable,
+  Page,
   ValidationError,
 } from "./types";
 
@@ -22,18 +24,19 @@ import { getApiResponse, isErrorCode } from "../utils";
  * @example https://api.www.documentcloud.org/api/documents/2622/notes/
  * @deprecated
  */
-export async function list(doc_id: number, fetch = globalThis.fetch) {
+export async function list(
+  doc_id: number,
+  fetch = globalThis.fetch,
+): Promise<APIResponse<Page<Note>>> {
   const endpoint = new URL(`documents/${doc_id}/notes/`, BASE_API_URL);
 
   endpoint.searchParams.set("expand", DEFAULT_EXPAND);
 
-  const resp = await fetch(endpoint, { credentials: "include" });
-
-  if (isErrorCode(resp.status)) {
-    throw new Error(resp.statusText);
-  }
+  const resp = await fetch(endpoint, { credentials: "include" }).catch(
+    console.error,
+  );
 
-  return resp.json();
+  return getApiResponse<Page<Note>>(resp);
 }
 
 /**
@@ -176,13 +179,12 @@ export function noteHashUrl(note: Note): string {
  * To get the page number, use pageFromHash
  * @param hash
  */
-export function noteFromHash(hash: string): number {
+export function noteFromHash(hash: string): Nullable<number> {
   const re = /^#document\/p(\d+)\/a(\d+)$/;
   const match = re.exec(hash);
 
-  if (!match) return null;
-
-  return +match[2] || null;
+  if (!match || !match[2]) return null;
+  return +match[2];
 }
 
 /** Width of a note, relative to the document */
diff --git a/src/lib/api/sections.ts b/src/lib/api/sections.ts
index 25a593713..fddcc8946 100644
--- a/src/lib/api/sections.ts
+++ b/src/lib/api/sections.ts
@@ -74,11 +74,17 @@ export async function get(
 export async function create(
   doc_id: string | number,
   section: { page_number: number; title: string },
-  csrf_token: string,
+  csrf_token: string | undefined,
   fetch = globalThis.fetch,
 ): Promise<APIResponse<Section, ValidationError>> {
   const endpoint = new URL(`documents/${doc_id}/sections/`, BASE_API_URL);
 
+  if (!csrf_token) {
+    return Promise.reject({
+      error: { status: 403, message: "CSRF token required" },
+    });
+  }
+
   const resp = await fetch(endpoint, {
     credentials: "include",
     body: JSON.stringify(section),
@@ -100,7 +106,7 @@ export async function update(
   doc_id: string | number,
   section_id: string | number,
   section: { page_number?: number; title?: string },
-  csrf_token: string,
+  csrf_token: string | undefined,
   fetch = globalThis.fetch,
 ): Promise<APIResponse<Section, ValidationError>> {
   const endpoint = new URL(
@@ -108,6 +114,12 @@ export async function update(
     BASE_API_URL,
   );
 
+  if (!csrf_token) {
+    return Promise.reject({
+      error: { status: 403, message: "CSRF token required" },
+    });
+  }
+
   const resp = await fetch(endpoint, {
     credentials: "include",
     body: JSON.stringify(section),
@@ -128,7 +140,7 @@ export async function update(
 export async function remove(
   doc_id: string | number,
   section_id: string | number,
-  csrf_token: string,
+  csrf_token: string | undefined,
   fetch = globalThis.fetch,
 ): Promise<APIResponse<null, unknown>> {
   const endpoint = new URL(
@@ -136,6 +148,12 @@ export async function remove(
     BASE_API_URL,
   );
 
+  if (!csrf_token) {
+    return Promise.reject({
+      error: { status: 403, message: "CSRF token required" },
+    });
+  }
+
   const resp = await fetch(endpoint, {
     credentials: "include",
     method: "DELETE",
diff --git a/src/lib/api/tests/addons.test.ts b/src/lib/api/tests/addons.test.ts
index 578e9bda6..ab3ccad8c 100644
--- a/src/lib/api/tests/addons.test.ts
+++ b/src/lib/api/tests/addons.test.ts
@@ -103,7 +103,7 @@ describe("getAddon", async () => {
 
 describe("addon payloads", () => {
   test("buildPayload single dispatch", () => {
-    const scraper = addonsList.results.find((a) => a.name === "Scraper");
+    const scraper = addonsList.results.find((a) => a.name === "Scraper")!;
     const parameters = {
       site: "https://www.documentcloud.org",
       project: "test",
@@ -118,7 +118,7 @@ describe("addon payloads", () => {
   });
 
   test("buildPayload scheduled event", () => {
-    const scraper = addonsList.results.find((a) => a.name === "Scraper");
+    const scraper = addonsList.results.find((a) => a.name === "Scraper")!;
     const parameters = {
       site: "https://www.documentcloud.org",
       project: "test",
@@ -140,7 +140,7 @@ describe("addon payloads", () => {
   test("buildPayload array param", () => {
     const siteSnapshot = addonsList.results.find(
       (a) => a.name === "Site Snapshot",
-    );
+    )!;
     const parameters = {
       sites: ["https://www.muckrock.com", "https://www.documentcloud.org"],
       project_id: 1,
@@ -159,7 +159,7 @@ describe("addon payloads", () => {
   });
 
   test("buildPayload remove blank values", () => {
-    const scraper = addonsList.results.find((a) => a.name === "Scraper");
+    const scraper = addonsList.results.find((a) => a.name === "Scraper")!;
 
     const parameters = {
       site: "https://www.documentcloud.org",
@@ -187,7 +187,7 @@ describe("addon payloads", () => {
   test("buildPayload with documents", () => {
     const translate = addonsList.results.find(
       (a) => a.name === "Translate Documents",
-    );
+    )!;
     const parameters = {
       access_level: "public",
       project_id: 1,
@@ -219,7 +219,7 @@ describe("addon payloads", () => {
   test("buildPayload with query", () => {
     const translate = addonsList.results.find(
       (a) => a.name === "Translate Documents",
-    );
+    )!;
     const parameters = {
       access_level: "public",
       project_id: 1,
diff --git a/src/lib/api/tests/collaborators.test.ts b/src/lib/api/tests/collaborators.test.ts
index f4622c78f..dfebcf48a 100644
--- a/src/lib/api/tests/collaborators.test.ts
+++ b/src/lib/api/tests/collaborators.test.ts
@@ -74,7 +74,7 @@ describe("manage project users", () => {
 
     const { data } = await collaborators.add(
       project.id,
-      { email: me.email, access: "admin" },
+      { email: me.email!, access: "admin" },
       "token",
       mockFetch,
     );
@@ -105,7 +105,7 @@ describe("manage project users", () => {
       const { user, access } = JSON.parse(options.body);
       const updated: ProjectUser = users.results.find(
         (u) => u.user.id === 1020,
-      );
+      )!;
 
       return {
         ok: true,
@@ -119,7 +119,7 @@ describe("manage project users", () => {
       };
     });
 
-    const me = users.results.find((u) => u.user.id === 1020);
+    const me = users.results.find((u) => u.user.id === 1020)!;
 
     const { data: updated } = await collaborators.update(
       project.id,
@@ -154,7 +154,7 @@ describe("manage project users", () => {
       };
     });
 
-    const me = users.results.find((u) => u.user.id === 1020);
+    const me = users.results.find((u) => u.user.id === 1020)!;
     const { data } = await collaborators.remove(
       project.id,
       me.user.id,
diff --git a/src/lib/api/tests/documents.test.ts b/src/lib/api/tests/documents.test.ts
index 6c1fd8f49..a8c1b0919 100644
--- a/src/lib/api/tests/documents.test.ts
+++ b/src/lib/api/tests/documents.test.ts
@@ -32,7 +32,7 @@ const test = base.extend({
       "@/test/fixtures/documents/search-highlight.json"
     );
 
-    await use(results as DocumentResults);
+    await use(results as unknown as DocumentResults);
   },
 
   document: async ({}, use: Use<Document>) => {
@@ -299,19 +299,22 @@ describe("document uploads and processing", () => {
     );
 
     const resp = await documents.upload(
-      new URL(created.presigned_url),
+      new URL(created.presigned_url as string), // we know what this is
       file,
       mockFetch,
     );
 
     expect(resp.ok).toBeTruthy();
-    expect(mockFetch).toHaveBeenCalledWith(new URL(created.presigned_url), {
-      body: file,
-      headers: {
-        "Content-Type": file.type,
+    expect(mockFetch).toHaveBeenCalledWith(
+      new URL(created.presigned_url as string),
+      {
+        body: file,
+        headers: {
+          "Content-Type": file.type,
+        },
+        method: "PUT",
       },
-      method: "PUT",
-    });
+    );
   });
 
   test("documents.process", async ({ created }) => {
@@ -506,7 +509,7 @@ describe("document write methods", () => {
       mockFetch,
     );
 
-    expect(updated.title).toStrictEqual("Updated title");
+    expect(updated?.title).toStrictEqual("Updated title");
   });
 
   test("documents.edit_many", async ({ documents: docs }) => {
@@ -568,7 +571,7 @@ describe("document write methods", () => {
       mockFetch,
     );
 
-    expect(data["_tag"]).toEqual(["one", "two"]);
+    expect(data?.["_tag"]).toEqual(["one", "two"]);
     expect(mockFetch).toBeCalledWith(
       new URL(`documents/${document.id}/data/_tag/`, BASE_API_URL),
       {
diff --git a/src/lib/api/tests/notes.test.ts b/src/lib/api/tests/notes.test.ts
index 37bba9d83..3bbaf8a94 100644
--- a/src/lib/api/tests/notes.test.ts
+++ b/src/lib/api/tests/notes.test.ts
@@ -184,6 +184,7 @@ describe("note helper methods", () => {
   });
 
   test("isPageLevel", ({ note }) => {
+    // @ts-ignore
     const copy: Note = { ...note, x1: null, x2: null, y1: null, y2: null };
 
     expect(notes.isPageLevel(copy)).toBeTruthy();
diff --git a/src/lib/api/tests/sections.test.ts b/src/lib/api/tests/sections.test.ts
index 5d4d3718b..5a69eaf5e 100644
--- a/src/lib/api/tests/sections.test.ts
+++ b/src/lib/api/tests/sections.test.ts
@@ -75,7 +75,7 @@ describe("sections: writing", () => {
   });
 
   test("sections.update", async ({ document, sectionList }) => {
-    const section = sectionList.results[0];
+    const section = sectionList.results[0]!;
 
     const mockFetch = vi.fn().mockImplementation(async (endpoint, options) => {
       const updated = { ...section, ...JSON.parse(options.body) };
@@ -118,7 +118,7 @@ describe("sections: writing", () => {
   });
 
   test("sections.remove", async ({ document, sectionList }) => {
-    const section = sectionList.results[0];
+    const section = sectionList.results[0]!;
     const mockFetch = vi.fn().mockImplementation(async (endpoint, options) => {
       return {
         ok: true,
diff --git a/src/lib/api/types.d.ts b/src/lib/api/types.d.ts
index 9294d6a47..84e8ae827 100644
--- a/src/lib/api/types.d.ts
+++ b/src/lib/api/types.d.ts
@@ -90,8 +90,8 @@ interface AddOnParameters {
 // API endpoint https://api.www.documentcloud.org/api/addons/
 export interface AddOnListItem {
   id: number;
-  user: number;
-  organization: number;
+  user: null | number;
+  organization: null | number;
   access: "public" | "private";
   name: string;
   repository: string;
diff --git a/src/lib/components/accounts/Avatar.svelte b/src/lib/components/accounts/Avatar.svelte
index d7ec46879..f4e2b38e6 100644
--- a/src/lib/components/accounts/Avatar.svelte
+++ b/src/lib/components/accounts/Avatar.svelte
@@ -1,9 +1,9 @@
 <script lang="ts">
-  import type { User, Org } from "@/api/types";
+  import type { User, Org, Maybe } from "$lib/api/types";
   import { Person16, Organization16 } from "svelte-octicons";
 
-  export let user: User = undefined;
-  export let org: Org = undefined;
+  export let user: Maybe<User> = undefined;
+  export let org: Maybe<Org> = undefined;
 </script>
 
 <div class="avatar">
diff --git a/src/lib/components/accounts/Mailkey.svelte b/src/lib/components/accounts/Mailkey.svelte
index 5a3e50857..f9d2b1fff 100644
--- a/src/lib/components/accounts/Mailkey.svelte
+++ b/src/lib/components/accounts/Mailkey.svelte
@@ -20,6 +20,11 @@
   async function create() {
     reset();
     const csrf_token = getCsrfToken();
+    if (!csrf_token) {
+      error = true;
+      message = $_("mailkey.missing_csrf");
+      return;
+    }
     const mailkey = await createMailkey(csrf_token, fetch);
     if (mailkey) {
       message = $_("mailkey.create.success", {
@@ -34,6 +39,11 @@
   async function destroy() {
     reset();
     const csrf_token = getCsrfToken();
+    if (!csrf_token) {
+      error = true;
+      message = $_("mailkey.missing_csrf");
+      return;
+    }
     if (await destroyMailkey(csrf_token, fetch)) {
       message = $_("mailkey.destroy.success");
     } else {
diff --git a/src/lib/components/addons/AddOnMeta.svelte b/src/lib/components/addons/AddOnMeta.svelte
index b7f538947..3f87d1064 100644
--- a/src/lib/components/addons/AddOnMeta.svelte
+++ b/src/lib/components/addons/AddOnMeta.svelte
@@ -2,7 +2,7 @@
   import type { AddOnListItem } from "@/addons/types";
 
   import { _ } from "svelte-i18n";
-  import { MarkGithub16, Share16 } from "svelte-octicons";
+  import { MarkGithub16 } from "svelte-octicons";
 
   import Button from "$lib/components/common/Button.svelte";
   import Flex from "@/lib/components/common/Flex.svelte";
@@ -34,10 +34,6 @@
       <h3>{github_org}</h3>
     </Metadata>
     <Flex>
-      <!-- <Button ghost mode="primary">
-        <Share16 />
-        {$_("addonDispatchDialog.share")}
-      </Button> -->
       <Button ghost mode="primary" href={repo} target="_blank">
         <MarkGithub16 />
         {$_("addonDispatchDialog.viewsource")}
diff --git a/src/lib/components/addons/History.svelte b/src/lib/components/addons/History.svelte
index 6c87bebb8..b910f0565 100644
--- a/src/lib/components/addons/History.svelte
+++ b/src/lib/components/addons/History.svelte
@@ -1,5 +1,5 @@
 <script lang="ts">
-  import type { Page } from "@/api/types/common";
+  import type { Maybe, Nullable, Page } from "$lib/api/types";
   import type { Run } from "@/addons/types";
 
   import { _ } from "svelte-i18n";
@@ -12,8 +12,8 @@
   import Empty from "../common/Empty.svelte";
 
   export let runs: Run[];
-  export let previous: string = undefined;
-  export let next: string = undefined;
+  export let previous: Maybe<Nullable<string>> = undefined;
+  export let next: Maybe<Nullable<string>> = undefined;
 
   export let loading = false;
 
@@ -63,10 +63,10 @@
       has_next={Boolean(next)}
       has_previous={Boolean(previous)}
       on:next={(e) => {
-        load(new URL(next));
+        if (next) load(new URL(next));
       }}
       on:previous={(e) => {
-        load(new URL(previous));
+        if (previous) load(new URL(previous));
       }}
     />
   {/if}
diff --git a/src/lib/components/addons/ScheduledEvent.svelte b/src/lib/components/addons/ScheduledEvent.svelte
index 24032070c..3d9fee14c 100644
--- a/src/lib/components/addons/ScheduledEvent.svelte
+++ b/src/lib/components/addons/ScheduledEvent.svelte
@@ -29,7 +29,7 @@
 
   $: disabled = event.event === 0;
   $: key = event.addon?.parameters?.eventOptions?.name;
-  $: target = event.parameters[key];
+  $: target = key ? event.parameters[key] : undefined;
 
   function url(event: Event) {
     return `/add-ons/${event.addon.repository}/${event.id}/`;
diff --git a/src/lib/components/common/Action.svelte b/src/lib/components/common/Action.svelte
index e12e2773f..94f4c6a86 100644
--- a/src/lib/components/common/Action.svelte
+++ b/src/lib/components/common/Action.svelte
@@ -1,9 +1,9 @@
 <script lang="ts">
   import type { SvgComponent } from "svelte-octicons";
 
-  export let icon: typeof SvgComponent = null;
+  export let icon: null | typeof SvgComponent = null;
   export let disabled = false;
-  export let title: string = undefined;
+  export let title: undefined | string = undefined;
 </script>
 
 <span
diff --git a/src/lib/components/common/AddOns.svelte b/src/lib/components/common/AddOns.svelte
index 782fc1c9b..96a454928 100644
--- a/src/lib/components/common/AddOns.svelte
+++ b/src/lib/components/common/AddOns.svelte
@@ -53,7 +53,7 @@
       {#if error}
         <Error>{error.message}</Error>
       {:else}
-        {#each data.results as addon}
+        {#each data?.results ?? [] as addon}
           <SidebarItem small href={getHref(query, addon)}>
             <Pin active={addon.active} slot="start" />
             {addon.name}
diff --git a/src/lib/components/common/Button.svelte b/src/lib/components/common/Button.svelte
index 6dd0c5619..abc734b63 100644
--- a/src/lib/components/common/Button.svelte
+++ b/src/lib/components/common/Button.svelte
@@ -17,15 +17,15 @@
   export let type: "submit" | "reset" | "button" = "button";
   export let label = "Submit";
   // anchor-specific properties
-  export let href: string = undefined;
-  export let target: string = undefined;
-  export let download: boolean | string = undefined;
-  export let rel: string =
+  export let href: undefined | string = undefined;
+  export let target: undefined | string = undefined;
+  export let download: undefined | boolean | string = undefined;
+  export let rel: undefined | string =
     target === "_blank" ? "noopener noreferrer" : undefined;
   // button-specific properties
-  export let name: string = undefined;
+  export let name: undefined | string = undefined;
   export let value: any = undefined;
-  export let formaction: string = undefined;
+  export let formaction: undefined | string = undefined;
 </script>
 
 {#if href}
diff --git a/src/lib/components/common/Empty.svelte b/src/lib/components/common/Empty.svelte
index 66bf6dfb1..1b536ecfc 100644
--- a/src/lib/components/common/Empty.svelte
+++ b/src/lib/components/common/Empty.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { SvgComponent } from "svelte-octicons";
 
-  export let icon: typeof SvgComponent = null;
+  export let icon: null | typeof SvgComponent = null;
 </script>
 
 <div class="container">
diff --git a/src/lib/components/common/Flex.svelte b/src/lib/components/common/Flex.svelte
index b30c89720..450a9dfda 100644
--- a/src/lib/components/common/Flex.svelte
+++ b/src/lib/components/common/Flex.svelte
@@ -13,7 +13,7 @@
   export let reverse = false;
   export let gap: number = 0.5;
   export let wrap: boolean = false;
-  export let role: AriaRole = null;
+  export let role: null | AriaRole = null;
 
   const alignMap: Record<Align, string> = {
     start: "flex-start",
diff --git a/src/lib/components/common/KV.svelte b/src/lib/components/common/KV.svelte
index 08e204888..261c30187 100644
--- a/src/lib/components/common/KV.svelte
+++ b/src/lib/components/common/KV.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   export let key: string = "";
   export let value: string;
-  export let href: string = null;
+  export let href: null | string = null;
   export let inline: boolean = false;
   export let tag: boolean = false;
 </script>
diff --git a/src/lib/components/common/MenuItem.svelte b/src/lib/components/common/MenuItem.svelte
index bd291fa20..1ec773582 100644
--- a/src/lib/components/common/MenuItem.svelte
+++ b/src/lib/components/common/MenuItem.svelte
@@ -7,8 +7,8 @@
   export let disabled = false;
   export let indent = false;
   export let special = false;
-  export let href = null;
-  export let target = null;
+  export let href: string | null | undefined = null;
+  export let target: string | null | undefined = null;
   export let selected = false;
 
   let className = "";
diff --git a/src/lib/components/common/PageToolbar.svelte b/src/lib/components/common/PageToolbar.svelte
index 9e8506c94..bc90fd130 100644
--- a/src/lib/components/common/PageToolbar.svelte
+++ b/src/lib/components/common/PageToolbar.svelte
@@ -4,7 +4,7 @@
   It's slotted for composition based on the page it's on.
 -->
 <script lang="ts">
-  export let width: number = undefined;
+  export let width: undefined | number = undefined;
 </script>
 
 <div class="toolbar" bind:clientWidth={width}>
diff --git a/src/lib/components/common/Paginator.svelte b/src/lib/components/common/Paginator.svelte
index 97c5945d6..1ce829d80 100644
--- a/src/lib/components/common/Paginator.svelte
+++ b/src/lib/components/common/Paginator.svelte
@@ -23,7 +23,7 @@
   let inputValue = page;
   $: inputWidth = String(inputValue ?? 0).length;
   $: invalidValue =
-    inputValue > totalPages ||
+    (inputValue && totalPages && inputValue > totalPages) ||
     !inputValue ||
     !isInt.test(inputValue.toString());
   $: {
@@ -31,11 +31,11 @@
   }
 
   function previous() {
-    dispatch("previous", page - 1);
+    if (page) dispatch("previous", page - 1);
   }
 
   function next() {
-    dispatch("next", page + 1);
+    if (page) dispatch("next", page + 1);
   }
 
   function goTo(page: number) {
diff --git a/src/lib/components/common/Premium.svelte b/src/lib/components/common/Premium.svelte
index 35db98b0d..04327d150 100644
--- a/src/lib/components/common/Premium.svelte
+++ b/src/lib/components/common/Premium.svelte
@@ -11,9 +11,10 @@
   const me = getContext<Writable<User>>("me");
 
   $: org = $me?.organization;
-  $: isPremium = isOrg(org)
-    ? ["Organization", "Professional"].includes(org.plan)
-    : false;
+  $: isPremium =
+    isOrg(org) && org.plan
+      ? ["Organization", "Professional"].includes(org.plan)
+      : false;
 </script>
 
 {#if isPremium}
diff --git a/src/lib/components/common/TipOfDay.svelte b/src/lib/components/common/TipOfDay.svelte
index ef416e8c5..adf0f81c0 100644
--- a/src/lib/components/common/TipOfDay.svelte
+++ b/src/lib/components/common/TipOfDay.svelte
@@ -6,9 +6,9 @@
 
   const storage = new StorageManager("tip-of-day");
 
-  export function showTip(message: string) {
+  export function showTip(message: string): boolean {
     return message === storage.get("message")
-      ? storage.get<boolean, boolean>("show", true)
+      ? (storage.get<boolean, boolean>("show", true) ?? true)
       : true;
   }
 
diff --git a/src/lib/components/common/Toast.svelte b/src/lib/components/common/Toast.svelte
index 64404e13a..6ec44ea76 100644
--- a/src/lib/components/common/Toast.svelte
+++ b/src/lib/components/common/Toast.svelte
@@ -14,21 +14,23 @@
   } from "svelte-octicons";
 
   import { TOAST_LENGTH } from "@/config/config.js";
+  import type { Maybe, Nullable } from "$lib/api/types";
 
-  export let id: string | number = undefined;
-  export let status: "info" | "success" | "warning" | "error" = undefined;
+  type Status = "info" | "success" | "warning" | "error";
+
+  export let id: undefined | string | number = undefined;
+  export let status: Maybe<Status> = undefined;
   export let lifespan: number | null = TOAST_LENGTH;
 
-  let toastTimeout = null;
+  let toastTimeout: Nullable<ReturnType<typeof setTimeout>> = null;
 
-  const statusIcons: Record<typeof status | "undefined", typeof SvgComponent> =
-    {
-      undefined: Circle16,
-      info: Info16,
-      success: CheckCircle16,
-      warning: Alert16,
-      error: Stop16,
-    };
+  const statusIcons: Record<Status | "undefined", typeof SvgComponent> = {
+    undefined: Circle16,
+    info: Info16,
+    success: CheckCircle16,
+    warning: Alert16,
+    error: Stop16,
+  };
 
   const dispatch = createEventDispatcher();
 
@@ -46,13 +48,13 @@
   function reset() {
     dispatch("reset");
     cancel();
-    if (Boolean(lifespan)) {
+    if (lifespan !== null) {
       toastTimeout = setTimeout(close, lifespan);
     }
   }
 
   onMount(() => {
-    if (Boolean(lifespan)) {
+    if (lifespan !== null) {
       toastTimeout = setTimeout(close, lifespan);
     }
   });
diff --git a/src/lib/components/common/Tooltip.svelte b/src/lib/components/common/Tooltip.svelte
index 6c7082de4..17c103f97 100644
--- a/src/lib/components/common/Tooltip.svelte
+++ b/src/lib/components/common/Tooltip.svelte
@@ -11,7 +11,7 @@
     type MiddlewareData,
   } from "@floating-ui/dom";
 
-  export let caption: string | ComponentType;
+  export let caption: string | ComponentType | undefined;
   export let placement: Placement = "bottom";
   export let offset: number = 6;
   export let arrow = false;
@@ -23,14 +23,16 @@
 
   function positionArrow(placement: Placement, middlewareData: MiddlewareData) {
     // Accessing the data
-    const { x: arrowX, y: arrowY } = middlewareData.arrow;
+    const { x: arrowX, y: arrowY } = middlewareData.arrow ?? {};
 
-    const staticSide = {
-      top: "bottom",
-      right: "left",
-      bottom: "top",
-      left: "right",
-    }[placement.split("-")[0]];
+    const placementFirst = placement.split("-")[0] ?? "top";
+    const staticSide =
+      {
+        top: "bottom",
+        right: "left",
+        bottom: "top",
+        left: "right",
+      }[placementFirst] ?? "bottom";
 
     Object.assign(arrowRef.style, {
       left: arrowX != null ? `${arrowX}px` : "",
diff --git a/src/lib/components/common/stories/Highlight.stories.svelte b/src/lib/components/common/stories/Highlight.stories.svelte
index 0ef53911c..92cc97341 100644
--- a/src/lib/components/common/stories/Highlight.stories.svelte
+++ b/src/lib/components/common/stories/Highlight.stories.svelte
@@ -7,7 +7,7 @@
   import searchResultsFixture from "@/test/fixtures/documents/search-highlight.json";
 
   const document = searchResultsFixture.results[0];
-  const noteHighlights = document.note_highlights["197010"];
+  const noteHighlights = document?.note_highlights["197010"]!;
 
   export const meta: Meta = {
     title: "Components / Common / Highlight",
diff --git a/src/lib/components/common/tests/Toast.test.ts b/src/lib/components/common/tests/Toast.test.ts
index 7de2775f8..b5fa12b8c 100644
--- a/src/lib/components/common/tests/Toast.test.ts
+++ b/src/lib/components/common/tests/Toast.test.ts
@@ -1,14 +1,6 @@
-import {
-  vi,
-  describe,
-  it,
-  expect,
-  beforeEach,
-  afterEach,
-  type Mock,
-} from "vitest";
-import { render, screen, waitFor } from "@testing-library/svelte";
-import { userEvent, type UserEvent } from "@testing-library/user-event";
+import { vi, describe, it, expect } from "vitest";
+import { render } from "@testing-library/svelte";
+import { userEvent } from "@testing-library/user-event";
 import Toast from "../Toast.svelte";
 
 describe("Toast", () => {
diff --git a/src/lib/components/documents/DocumentListItem.svelte b/src/lib/components/documents/DocumentListItem.svelte
index 508b9cae0..350be3f9b 100644
--- a/src/lib/components/documents/DocumentListItem.svelte
+++ b/src/lib/components/documents/DocumentListItem.svelte
@@ -24,13 +24,13 @@ If we're in an embed, we want to open links to documents in new tabs and hide th
     pageImageUrl,
     userOrgString,
   } from "@/lib/api/documents";
-  import { pageSizesFromSpec } from "@/api/pageSize.js";
+  import { pageSizesFromSpec } from "$lib/utils/pageSize";
 
   export let document: Document;
 
   const embed: boolean = getContext("embed");
 
-  const thumbnailWidth = IMAGE_WIDTHS_MAP.get("thumbnail");
+  const thumbnailWidth = IMAGE_WIDTHS_MAP.get("thumbnail") ?? 60;
 
   // this can be updated later if we want different icons
   const statusIcons = {
@@ -40,7 +40,7 @@ If we're in an embed, we want to open links to documents in new tabs and hide th
   };
 
   $: sizes = document.page_spec ? pageSizesFromSpec(document.page_spec) : null;
-  $: aspect = sizes ? sizes[0] : 11 / 8.5; // fallback to US letter for now
+  $: aspect = sizes?.[0] ?? 11 / 8.5; // fallback to US letter for now
   $: height = thumbnailWidth * aspect;
   $: date = new Date(document.created_at).toDateString();
   $: projects = document.projects?.every((p) => typeof p === "object")
@@ -99,7 +99,9 @@ If we're in an embed, we want to open links to documents in new tabs and hide th
     {#if tabs.length > 0}
       <div class="tabs">
         {#each tabs as access}
-          <NoteTab {access} size="small" />
+          {#if access}
+            <NoteTab {access} size="small" />
+          {/if}
         {/each}
       </div>
     {/if}
diff --git a/src/lib/components/documents/Metadata.svelte b/src/lib/components/documents/Metadata.svelte
index de568c63a..aac7eeb9c 100644
--- a/src/lib/components/documents/Metadata.svelte
+++ b/src/lib/components/documents/Metadata.svelte
@@ -8,7 +8,7 @@
   - text language
 -->
 <script lang="ts">
-  import type { Document, DocumentText } from "$lib/api/types";
+  import type { Document, DocumentText, Maybe } from "$lib/api/types";
 
   import { _ } from "svelte-i18n";
 
@@ -17,7 +17,7 @@
   import Metadata from "../common/Metadata.svelte";
 
   export let document: Document;
-  export let text: DocumentText;
+  export let text: Maybe<DocumentText>;
 
   const ocrEngineMap = {
     tess4: "Tesseract",
@@ -29,8 +29,7 @@
   };
 
   const engines = Object.keys(ocrEngineMap);
-
-  let engine: string;
+  let engine: Maybe<string>;
 
   $: ocrEngine =
     text?.pages
diff --git a/src/lib/components/documents/NoteHighlights.svelte b/src/lib/components/documents/NoteHighlights.svelte
index e9147ac85..52e9d6bfe 100644
--- a/src/lib/components/documents/NoteHighlights.svelte
+++ b/src/lib/components/documents/NoteHighlights.svelte
@@ -27,11 +27,12 @@
   export let document: Document;
   export let open = false;
 
-  $: highlights = Object.entries(document.note_highlights);
-  $: notes = new Map(document.notes.map((n) => [n.id, n]));
+  $: highlights = Object.entries(document.note_highlights ?? {});
+  $: notes = new Map(document.notes?.map((n) => [n.id, n]));
 
   function noteHref(id: string): string {
     const note = notes.get(id);
+    if (!note) return "";
     return noteUrl(document, note).toString();
   }
 </script>
diff --git a/src/lib/components/documents/PageHighlights.svelte b/src/lib/components/documents/PageHighlights.svelte
index d7dca8910..ed2b77d14 100644
--- a/src/lib/components/documents/PageHighlights.svelte
+++ b/src/lib/components/documents/PageHighlights.svelte
@@ -24,7 +24,7 @@
   export let document: Document;
   export let open = false;
 
-  $: highlights = Object.entries(document.highlights);
+  $: highlights = Object.entries(document.highlights ?? {});
 
   function pageHref(id: string): string {
     const pageNo = pageNumber(id);
diff --git a/src/lib/components/documents/ResultsList.svelte b/src/lib/components/documents/ResultsList.svelte
index 199d4cbb1..a5577b269 100644
--- a/src/lib/components/documents/ResultsList.svelte
+++ b/src/lib/components/documents/ResultsList.svelte
@@ -1,6 +1,6 @@
 <script context="module" lang="ts">
   import { writable, type Writable } from "svelte/store";
-  import type { Document, DocumentResults } from "$lib/api/types";
+  import type { Document, DocumentResults, Maybe } from "$lib/api/types";
 
   // IDs might be strings or numbers, depending on the API endpoint
   // enforce type consistency here to avoid comparison bugs later
@@ -23,7 +23,7 @@
   import PageHighlights from "./PageHighlights.svelte";
 
   export let results: Document[] = [];
-  export let count: number = undefined;
+  export let count: Maybe<number> = undefined;
   export let next: string | null = null;
   export let auto = false;
   export let preload: "hover" | "tap" = "hover";
@@ -54,7 +54,7 @@
     const r: DocumentResults = await res.json();
 
     results = [...results, ...r.results];
-    $total = r.count;
+    $total = r.count ?? $total;
     next = r.next;
     loading = false;
     if (auto) watch(end);
@@ -80,7 +80,7 @@
 
   onMount(() => {
     // set initial total, update later
-    $total = count;
+    $total = count ?? 0;
     if (auto) {
       observer = watch(end);
     }
@@ -125,7 +125,9 @@
         ghost
         mode="primary"
         disabled={loading}
-        on:click={(e) => load(new URL(next))}
+        on:click={(e) => {
+          if (next) load(new URL(next));
+        }}
       >
         {#if loading}
           Loading &hellip;
diff --git a/src/lib/components/documents/Share.svelte b/src/lib/components/documents/Share.svelte
index e31b47bf2..a2409e607 100644
--- a/src/lib/components/documents/Share.svelte
+++ b/src/lib/components/documents/Share.svelte
@@ -1,5 +1,5 @@
 <script context="module" lang="ts">
-  import type { Document } from "$lib/api/types";
+  import type { Document, Maybe } from "$lib/api/types";
 
   interface NoteOption {
     value: string | number;
@@ -47,7 +47,7 @@
 
   export let document: Document;
   export let page: number = 1;
-  export let note: string | number = null;
+  export let note: null | string | number = null;
   export let currentTab: "document" | "page" | "note" = "document";
 
   const noteOptions = document.notes?.map<NoteOption>((note) => ({
@@ -55,7 +55,7 @@
     label: `pg. ${note.page_number + 1} – ${note.title}`,
   }));
 
-  let selectedNote: NoteOption = note
+  let selectedNote: Maybe<NoteOption> = note
     ? noteOptions?.find(({ value }) => value === note)
     : noteOptions?.[0];
 
@@ -107,7 +107,7 @@
         break;
       case "note":
         const noteObject = document.notes?.find(
-          ({ id }) => String(id) === String(selectedNote.value),
+          ({ id }) => String(id) === String(selectedNote?.value),
         );
         if (noteObject) {
           permalink = noteUrl(document, noteObject);
@@ -193,7 +193,7 @@
             <Number bind:value={page} min={1} max={document.page_count} />
           </Field>
         </div>
-      {:else if currentTab === "note" && noteOptions.length > 0}
+      {:else if currentTab === "note" && noteOptions && noteOptions.length > 0}
         <div class="subselection">
           <Field>
             <FieldLabel>{$_("share.fields.note")}:</FieldLabel>
diff --git a/src/lib/components/documents/sidebar/Notes.svelte b/src/lib/components/documents/sidebar/Notes.svelte
index 17589f858..913443ef3 100644
--- a/src/lib/components/documents/sidebar/Notes.svelte
+++ b/src/lib/components/documents/sidebar/Notes.svelte
@@ -14,7 +14,7 @@
 
   export let document: Document;
 
-  $: notes = document.notes;
+  $: notes = document.notes ?? [];
   $: annotate = new URL("?mode=annotating", canonicalUrl(document)).href;
 </script>
 
diff --git a/src/lib/components/documents/sidebar/Sections.svelte b/src/lib/components/documents/sidebar/Sections.svelte
index a29760573..fd642910a 100644
--- a/src/lib/components/documents/sidebar/Sections.svelte
+++ b/src/lib/components/documents/sidebar/Sections.svelte
@@ -12,7 +12,7 @@
 
   export let document: Document;
 
-  $: sections = document.sections;
+  $: sections = document.sections ?? [];
   $: empty = sections.length === 0;
   $: annotate = new URL("?mode=annotating", canonicalUrl(document)).href;
 </script>
diff --git a/src/lib/components/documents/stories/NoteHighlights.stories.svelte b/src/lib/components/documents/stories/NoteHighlights.stories.svelte
index 3bb1b3766..015198731 100644
--- a/src/lib/components/documents/stories/NoteHighlights.stories.svelte
+++ b/src/lib/components/documents/stories/NoteHighlights.stories.svelte
@@ -5,7 +5,9 @@
 
   import search from "@/test/fixtures/documents/search-highlight.json";
 
-  const document = search.results.find((d) => d.id === "1501881") as Document;
+  const document = search.results.find(
+    (d) => d.id === "1501881",
+  ) as unknown as Document;
 
   export const meta = {
     title: "Components / Documents / Note Highlights",
diff --git a/src/lib/components/documents/stories/PageHighlights.stories.svelte b/src/lib/components/documents/stories/PageHighlights.stories.svelte
index 072b8d48c..3487685c6 100644
--- a/src/lib/components/documents/stories/PageHighlights.stories.svelte
+++ b/src/lib/components/documents/stories/PageHighlights.stories.svelte
@@ -7,7 +7,9 @@
   import search from "@/test/fixtures/documents/search-highlight.json";
 
   // find one document with highlights
-  const document = search.results.find((d) => d.id === "3913417") as Document;
+  const document = search.results.find(
+    (d) => d.id === "3913417",
+  ) as unknown as Document;
 
   export const meta = {
     title: "Components / Documents / Page Highlights",
diff --git a/src/lib/components/documents/stories/ResultsList.stories.svelte b/src/lib/components/documents/stories/ResultsList.stories.svelte
index f36bf6559..e819b78a8 100644
--- a/src/lib/components/documents/stories/ResultsList.stories.svelte
+++ b/src/lib/components/documents/stories/ResultsList.stories.svelte
@@ -7,12 +7,12 @@
 
   // typescript complains without the type assertion
   import searchResults from "@/test/fixtures/documents/search-highlight.json";
-  const highlighted = searchResults.results as Document[];
+  const highlighted = searchResults.results as unknown as Document[];
   const results = highlighted.map((d) => ({
     ...d,
     highlights: null,
     note_highlights: null,
-  }));
+  })) as unknown as Document[];
   const count = searchResults.count;
   const next = searchResults.next;
 
diff --git a/src/lib/components/documents/tests/ResultsList.test.ts b/src/lib/components/documents/tests/ResultsList.test.ts
index 193415e3c..1e67b0e78 100644
--- a/src/lib/components/documents/tests/ResultsList.test.ts
+++ b/src/lib/components/documents/tests/ResultsList.test.ts
@@ -6,7 +6,7 @@ import { render, screen, fireEvent } from "@testing-library/svelte";
 import ResultsList, { selected } from "../ResultsList.svelte";
 import searchResults from "@/test/fixtures/documents/search-highlight.json";
 
-const results = searchResults as DocumentResults;
+const results = searchResults as unknown as DocumentResults;
 
 const empty: DocumentResults = {
   results: [],
diff --git a/src/lib/components/documents/tests/Share.test.ts b/src/lib/components/documents/tests/Share.test.ts
index 9a6eaf203..16c04e879 100644
--- a/src/lib/components/documents/tests/Share.test.ts
+++ b/src/lib/components/documents/tests/Share.test.ts
@@ -53,10 +53,10 @@ describe("Share", () => {
     // Note tab
     await user.click(screen.getByText("Note"));
     expect(inputs[0]).toHaveValue(
-      noteUrl(document, document.notes[0]).toString(),
+      noteUrl(document, document.notes?.[0]!).toString(),
     );
     expect(inputs[1]).toHaveValue(
-      `<iframe src="${canonicalNoteUrl(document, document.notes[0])}?embed=1" />`,
+      `<iframe src="${canonicalNoteUrl(document, document.notes?.[0]!)}?embed=1" />`,
     );
   });
   it("allows the document embed to be customized, updating the embed URL accordingly", async () => {
@@ -71,13 +71,13 @@ describe("Share", () => {
     expect(screen.getByText("Width")).toBeInTheDocument();
     const radioSelections = screen.getAllByLabelText("Fixed");
     // Width
-    await user.click(radioSelections[0]);
+    await user.click(radioSelections[0]!);
     expect(inputs[0]).toHaveValue(canonicalUrl(document).toString());
     expect(inputs[1]).toHaveValue(
       `<iframe src="${embedUrl(document)}&width=500" width="500" />`,
     );
     // Height
-    await user.click(radioSelections[1]);
+    await user.click(radioSelections[1]!);
     expect(inputs[0]).toHaveValue(canonicalUrl(document).toString());
     expect(inputs[1]).toHaveValue(
       `<iframe src="${embedUrl(document)}&width=500&height=500" width="500" height="500" />`,
diff --git a/src/lib/components/forms/AddOnDispatch.svelte b/src/lib/components/forms/AddOnDispatch.svelte
index be10d2292..67b0f3fbb 100644
--- a/src/lib/components/forms/AddOnDispatch.svelte
+++ b/src/lib/components/forms/AddOnDispatch.svelte
@@ -6,7 +6,7 @@
 
 <script lang="ts">
   import type { Event, EventOptions, Run } from "@/addons/types";
-  import type { Maybe, Nullable } from "@/lib/api/types";
+  import type { Maybe, Nullable } from "$lib/api/types";
 
   import { enhance } from "$app/forms";
   import { afterNavigate } from "$app/navigation";
@@ -40,7 +40,7 @@
   const me = getCurrentUser();
 
   let form: HTMLFormElement;
-  let created: Maybe<Event | Run> = null;
+  let created: Nullable<Event | Run> = null;
   let running = false;
 
   $: validator = ajv.compile({ type: "object", properties, required });
diff --git a/src/lib/components/forms/BulkActions.svelte b/src/lib/components/forms/BulkActions.svelte
index 8598cf130..49852f8e1 100644
--- a/src/lib/components/forms/BulkActions.svelte
+++ b/src/lib/components/forms/BulkActions.svelte
@@ -8,7 +8,7 @@ Most actual actions are deferred to their own forms, so this is more of a switch
 
 <script lang="ts">
   import type { Writable } from "svelte/store";
-  import type { Document } from "$lib/api/types";
+  import type { Document, Nullable } from "$lib/api/types";
 
   import { getContext, type ComponentType } from "svelte";
   import { _ } from "svelte-i18n";
@@ -59,7 +59,7 @@ Most actual actions are deferred to their own forms, so this is more of a switch
     project: FileDirectory16,
   };
 
-  let visible: Action = null;
+  let visible: Nullable<Action> = null;
 
   // svelte 5 will let us do type coercion in templates
   function show(action: string) {
diff --git a/src/lib/components/forms/ConfirmDelete.svelte b/src/lib/components/forms/ConfirmDelete.svelte
index 1bc8734e6..98c31d421 100644
--- a/src/lib/components/forms/ConfirmDelete.svelte
+++ b/src/lib/components/forms/ConfirmDelete.svelte
@@ -2,7 +2,7 @@
 Confirm deletion or one or more documents.
 -->
 <script lang="ts">
-  import type { Document } from "$lib/api/types";
+  import type { Document, Maybe } from "$lib/api/types";
 
   import { enhance } from "$app/forms";
 
@@ -23,14 +23,16 @@ Confirm deletion or one or more documents.
 
   const dispatch = createEventDispatcher();
 
-  let error: string = undefined;
+  let error: Maybe<string> = undefined;
 
   $: ids = documents.map((d) => d.id);
   $: bulk = documents.length !== 1; // if it's zero, handle that elsewhere
   $: count = documents.length;
   $: action = bulk
     ? "/documents/?/delete"
-    : canonicalUrl(documents[0]).href + "?/delete";
+    : documents[0]
+      ? canonicalUrl(documents[0]).href + "?/delete"
+      : "";
 
   function onSubmit({ submitter, cancel }) {
     submitter.disabled = true;
diff --git a/src/lib/components/forms/DocumentUpload.svelte b/src/lib/components/forms/DocumentUpload.svelte
index 7bdb0ed6b..fcf3916f9 100644
--- a/src/lib/components/forms/DocumentUpload.svelte
+++ b/src/lib/components/forms/DocumentUpload.svelte
@@ -22,7 +22,7 @@ progress through the three-part upload process.
     return files;
   }
 
-  export const uploadToProject = writable<Project>(null);
+  export const uploadToProject = writable<Nullable<Project>>(null);
   function getProjectToUpload() {
     const project = get(uploadToProject);
     uploadToProject.set(null);
@@ -31,7 +31,13 @@ progress through the three-part upload process.
 </script>
 
 <script lang="ts">
-  import type { Access, DocumentUpload, Project } from "$lib/api/types";
+  import type {
+    Access,
+    DocumentUpload,
+    Maybe,
+    Nullable,
+    Project,
+  } from "$lib/api/types";
 
   import { filesize } from "filesize";
   import { onMount } from "svelte";
@@ -65,7 +71,7 @@ progress through the three-part upload process.
   export let files: File[] = getFilesToUpload();
   export let projects: Project[] = [];
 
-  let csrf_token: string;
+  let csrf_token: Maybe<string>;
   let fileDropActive: boolean;
 
   /**
@@ -99,7 +105,9 @@ progress through the three-part upload process.
   ];
 
   let ocrEngine = ocrEngineOptions[0];
-  let add_to_projects: Project[] = [getProjectToUpload()].filter(Boolean);
+  let add_to_projects: Project[] = [getProjectToUpload()].filter(
+    Boolean,
+  ) as Project[];
 
   $: total = Object.values(STATUS).reduce((t, status) => {
     return t + status.file.size;
@@ -171,7 +179,7 @@ progress through the three-part upload process.
         upload(
           id,
           {
-            title: titles[i],
+            title: titles[i] ?? "",
             original_extension: getFileExtension(status.file),
             access,
             projects: add_to_projects.map((p) => p.id),
@@ -190,6 +198,9 @@ progress through the three-part upload process.
 
   // upload one file
   async function upload(id: string, metadata: DocumentUpload, form: FormData) {
+    if (!csrf_token) return;
+    if (!STATUS[id]) return;
+
     const file = STATUS[id].file;
 
     // create
@@ -210,6 +221,18 @@ progress through the three-part upload process.
       return console.error(error);
     }
 
+    if (!document || !document.presigned_url) {
+      STATUS[id] = {
+        ...STATUS[id],
+        error: {
+          status: 500,
+          message: "API returned invalid document. Please try again.",
+        },
+      };
+
+      return;
+    }
+
     // upload
     let presigned_url: URL;
     try {
@@ -220,16 +243,22 @@ progress through the three-part upload process.
         message: "Invalid presigned URL",
         errors: e,
       };
-    }
 
-    if (error) {
       STATUS[id].error = error;
       return console.error(error);
     }
 
+    if (!presigned_url) {
+      STATUS[id].error = {
+        status: 500,
+        message: "Invalid presigned URL",
+      };
+      return;
+    }
+
     STATUS[id].step = "uploading";
     const resp = await documents
-      .upload(new URL(document.presigned_url), file)
+      .upload(presigned_url, file)
       .catch(console.error);
 
     if (!resp) {
@@ -245,7 +274,7 @@ progress through the three-part upload process.
     const force_ocr = form.get("force_ocr") === "on";
 
     ({ error } = await documents.process(
-      [{ id: document.id, force_ocr, ocr_engine: ocrEngine.value }],
+      [{ id: document?.id, force_ocr, ocr_engine: ocrEngine?.value }],
       csrf_token,
     ));
 
@@ -340,17 +369,19 @@ progress through the three-part upload process.
             <FieldLabel>{$_("uploadDialog.language")}</FieldLabel>
             <Language name="language" bind:value={language} />
           </Field>
-          <Field>
-            <FieldLabel>{$_("uploadDialog.ocrEngine")}</FieldLabel>
-            <Select
-              name="ocr_engine"
-              items={ocrEngineOptions}
-              bind:value={ocrEngine}
-            />
-            <p slot="help">
-              {@html ocrEngine.help}
-            </p>
-          </Field>
+          {#if ocrEngine}
+            <Field>
+              <FieldLabel>{$_("uploadDialog.ocrEngine")}</FieldLabel>
+              <Select
+                name="ocr_engine"
+                items={ocrEngineOptions}
+                bind:value={ocrEngine}
+              />
+              <p slot="help">
+                {@html ocrEngine.help}
+              </p>
+            </Field>
+          {/if}
           <Field inline>
             <input type="checkbox" name="force_ocr" />
             <FieldLabel>{$_("uploadDialog.forceOcr")}</FieldLabel>
diff --git a/src/lib/components/forms/Edit.svelte b/src/lib/components/forms/Edit.svelte
index d72239bf9..d24813c37 100644
--- a/src/lib/components/forms/Edit.svelte
+++ b/src/lib/components/forms/Edit.svelte
@@ -51,12 +51,15 @@ Usually this will be rendered inside a modal, but it doesn't have to be.
     </Field>
     <Flex gap={2}>
       <Field title={$_("edit.fields.published_url")}>
-        <Text name="published_url" value={document.published_url.toString()} />
+        <Text
+          name="published_url"
+          value={document.published_url?.toString() ?? ""}
+        />
       </Field>
       <Field title={$_("edit.fields.related_article")}>
         <Text
           name="related_article"
-          value={document.related_article.toString()}
+          value={document.related_article?.toString() ?? ""}
         />
       </Field>
     </Flex>
diff --git a/src/lib/components/forms/EditData.svelte b/src/lib/components/forms/EditData.svelte
index 7a4076585..578fc72d6 100644
--- a/src/lib/components/forms/EditData.svelte
+++ b/src/lib/components/forms/EditData.svelte
@@ -28,7 +28,7 @@
     if (!key || !value) return;
 
     if (key in document.data) {
-      document.data[key] = [...document.data[key], value];
+      document.data[key] = [...(document.data[key] ?? []), value];
     } else {
       document.data[key] = [value];
     }
@@ -39,7 +39,7 @@
   function remove({ key, value }) {
     if (!(key in document.data)) return;
 
-    document.data[key] = document.data[key].filter((v) => v !== value);
+    document.data[key] = (document.data[key] ?? []).filter((v) => v !== value);
   }
 
   function onSubmit() {
diff --git a/src/lib/components/forms/EditDataMany.svelte b/src/lib/components/forms/EditDataMany.svelte
index 0425c5a20..b11b904c0 100644
--- a/src/lib/components/forms/EditDataMany.svelte
+++ b/src/lib/components/forms/EditDataMany.svelte
@@ -29,7 +29,7 @@ This will mostly merge with existing data.
     if (!key || !value) return;
 
     if (key in data) {
-      data[key] = [...data[key], value];
+      data[key] = [...(data[key] ?? []), value];
     } else {
       data[key] = [value];
     }
@@ -40,7 +40,7 @@ This will mostly merge with existing data.
   function remove({ key, value }) {
     if (!(key in data)) return;
 
-    data[key] = data[key].filter((v) => v !== value);
+    data[key] = (data[key] ?? []).filter((v) => v !== value);
   }
 
   function onSubmit() {
diff --git a/src/lib/components/forms/EditNote.svelte b/src/lib/components/forms/EditNote.svelte
index ba3bbc60e..9275007e8 100644
--- a/src/lib/components/forms/EditNote.svelte
+++ b/src/lib/components/forms/EditNote.svelte
@@ -5,7 +5,7 @@ This form deals with everything except coordinates, which should be passed in as
 Positioning and generating coordinates should happen outside of this form.
 -->
 <script lang="ts">
-  import type { Bounds, Document, Note } from "$lib/api/types";
+  import type { Bounds, Document, Maybe, Note } from "$lib/api/types";
 
   import { enhance } from "$app/forms";
 
@@ -23,7 +23,7 @@ Positioning and generating coordinates should happen outside of this form.
 
   export let document: Document;
   export let note: Partial<Note> = {}; // for updating
-  export let page_number: number = note.page_number;
+  export let page_number: Maybe<number> = note.page_number;
 
   const dispatch = createEventDispatcher();
 
diff --git a/src/lib/components/forms/EditSectionRow.svelte b/src/lib/components/forms/EditSectionRow.svelte
index a3b7ab5c0..4cfab307f 100644
--- a/src/lib/components/forms/EditSectionRow.svelte
+++ b/src/lib/components/forms/EditSectionRow.svelte
@@ -2,7 +2,7 @@
 One row of the `EditSections.svelte` form, to encapsulate logic.
 -->
 <script lang="ts">
-  import type { Document } from "$lib/api/types";
+  import type { Document, Maybe } from "$lib/api/types";
 
   import { invalidate } from "$app/navigation";
 
@@ -19,11 +19,11 @@ One row of the `EditSections.svelte` form, to encapsulate logic.
 
   import { create, update, remove } from "$lib/api/sections";
 
-  export let csrftoken: string;
+  export let csrftoken: Maybe<string> = undefined;
   export let disabled = false;
   export let document: Document;
-  export let id: number | string = undefined;
-  export let page_number: number = undefined;
+  export let id: Maybe<number | string> = undefined;
+  export let page_number: number = 1;
   export let title: string = "";
 
   // store separately to deal with zero-indexed section pages
@@ -33,8 +33,8 @@ One row of the `EditSections.svelte` form, to encapsulate logic.
 
   function reset() {
     title = "";
-    page_number = undefined;
-    display_number = undefined;
+    page_number = 1;
+    display_number = 1;
   }
 </script>
 
diff --git a/src/lib/components/forms/EditSections.svelte b/src/lib/components/forms/EditSections.svelte
index da4cf939f..5eac54b45 100644
--- a/src/lib/components/forms/EditSections.svelte
+++ b/src/lib/components/forms/EditSections.svelte
@@ -3,7 +3,7 @@ Create, update and delete sections for a single document.
 This form is entirely client-side.
 -->
 <script lang="ts">
-  import type { Document, Section } from "$lib/api/types";
+  import type { Document, Maybe, Section } from "$lib/api/types";
 
   import { beforeUpdate, createEventDispatcher, onMount } from "svelte";
   import { _ } from "svelte-i18n";
@@ -18,7 +18,7 @@ This form is entirely client-side.
 
   const dispatch = createEventDispatcher();
 
-  let csrftoken: string;
+  let csrftoken: Maybe<string>;
   let table: HTMLTableElement;
 
   $: sections = document.sections ?? [];
@@ -66,14 +66,16 @@ This form is entirely client-side.
         {csrftoken}
         title={section.title}
         page_number={section.page_number}
-        disabled={existing_pages.has(section.page_number)}
+        disabled={Boolean(
+          section.page_number && existing_pages.has(section.page_number),
+        )}
       />
 
-      {#if existing_pages.has(section.page_number)}
+      {#if Boolean(section.page_number && existing_pages.has(section.page_number))}
         <tr class="warning">
           <td colspan="2">
             {$_("sections.overwrite", {
-              values: { n: section.page_number + 1 },
+              values: { n: (section.page_number ?? 0) + 1 },
             })}
           </td>
         </tr>
diff --git a/src/lib/components/forms/Projects.svelte b/src/lib/components/forms/Projects.svelte
index 50f27b33a..0e051acba 100644
--- a/src/lib/components/forms/Projects.svelte
+++ b/src/lib/components/forms/Projects.svelte
@@ -60,6 +60,10 @@ and we don't want to do that everywhere.
     const { checked } = e.target;
     const ids = documents.map((d) => d.id);
     const csrf_token = getCsrfToken();
+    if (!csrf_token) {
+      console.error("No CSRF token found");
+      return;
+    }
     if (checked) {
       await add(project.id, ids, csrf_token);
     } else {
@@ -74,7 +78,9 @@ and we don't want to do that everywhere.
 
   function sort(projects: Project[]) {
     return projects.sort(
-      (a, b) => +b.pinned - +a.pinned || a.title.localeCompare(b.title),
+      (a, b) =>
+        +(b.pinned ?? false) - +(a.pinned ?? false) ||
+        a.title.localeCompare(b.title),
     );
   }
 </script>
diff --git a/src/lib/components/forms/Reprocess.svelte b/src/lib/components/forms/Reprocess.svelte
index 0ed8b4e73..fe46c98d9 100644
--- a/src/lib/components/forms/Reprocess.svelte
+++ b/src/lib/components/forms/Reprocess.svelte
@@ -42,7 +42,7 @@ This will mostly be used inside a modal but isn't dependent on one.
   ];
 
   let ocrEngine = ocrEngineOptions[0];
-  let language: { value: string; label: string } = {
+  let language: { value?: string; label?: string } = {
     value: documents[0]?.language,
     label: LANGUAGE_MAP.get(documents[0]?.language),
   };
@@ -81,7 +81,7 @@ This will mostly be used inside a modal but isn't dependent on one.
     const payload = documents.map((d) => ({
       id: d.id,
       force_ocr,
-      ocr_engine: ocrEngine.value,
+      ocr_engine: ocrEngine?.value,
     }));
 
     const { error } = await process(payload, csrf_token);
@@ -115,7 +115,7 @@ This will mostly be used inside a modal but isn't dependent on one.
     <Flex direction="column" gap={1}>
       <Field>
         <FieldLabel>{$_("uploadDialog.language")}</FieldLabel>
-        <Language bind:value={language} />
+        <Language bind:value={language.value} />
       </Field>
       <Field>
         <FieldLabel>{$_("uploadDialog.ocrEngine")}</FieldLabel>
@@ -125,7 +125,7 @@ This will mostly be used inside a modal but isn't dependent on one.
           bind:value={ocrEngine}
         />
         <p slot="help">
-          {@html ocrEngine.help}
+          {@html ocrEngine?.help}
         </p>
       </Field>
       <Field inline>
diff --git a/src/lib/components/forms/Search.svelte b/src/lib/components/forms/Search.svelte
index 962a41258..c091f54ed 100644
--- a/src/lib/components/forms/Search.svelte
+++ b/src/lib/components/forms/Search.svelte
@@ -1,11 +1,12 @@
 <script lang="ts">
   import { Search16, XCircleFill24 } from "svelte-octicons";
   import { _ } from "svelte-i18n";
+  import type { Maybe, Nullable } from "$lib/api/types";
 
-  export let name: string = null;
+  export let name: Nullable<string> = null;
   export let query: string = "";
   export let placeholder: string = $_("searchBar.search");
-  export let action: string = undefined;
+  export let action: Maybe<string> = undefined;
 
   let input: HTMLInputElement;
   let form: HTMLFormElement;
diff --git a/src/lib/components/forms/UploadListItem.svelte b/src/lib/components/forms/UploadListItem.svelte
index 18cf93878..7d8292355 100644
--- a/src/lib/components/forms/UploadListItem.svelte
+++ b/src/lib/components/forms/UploadListItem.svelte
@@ -59,8 +59,8 @@
 <!-- file is ready, uploading or processing -->
 <Flex align="baseline" gap={1} role="listitem" class="upload-list-item" {id}>
   <div class="title">
-    {#if linkable}
-      <a href={canonicalUrl(status.document).href}>{status.document.title}</a>
+    {#if linkable && status.document}
+      <a href={canonicalUrl(status.document).href}>{status.document?.title}</a>
     {:else}
       <Field inline sronly title={$_("common.title")} {description}>
         <Text
diff --git a/src/lib/components/forms/UserFeedback.svelte b/src/lib/components/forms/UserFeedback.svelte
index 2ac26fc10..a87f1a293 100644
--- a/src/lib/components/forms/UserFeedback.svelte
+++ b/src/lib/components/forms/UserFeedback.svelte
@@ -3,15 +3,15 @@
   import { enhance } from "$app/forms";
   import { _ } from "svelte-i18n";
   import { Bug16, Comment16, Question16 } from "svelte-octicons";
-  import type { User } from "@/api/types";
+  import type { Nullable, User } from "$lib/api/types";
   import Button from "../common/Button.svelte";
   import Flex from "../common/Flex.svelte";
   import Avatar from "../accounts/Avatar.svelte";
   import { toast } from "../layouts/Toaster.svelte";
   import { APP_URL } from "@/config/config";
-  import { getUserName } from "@/lib/api/accounts";
+  import { getUserName } from "$lib/api/accounts";
 
-  export let user: User = undefined;
+  export let user: Nullable<User> = null;
 
   let feedback = "";
   export let feedbackType = "Comment";
diff --git a/src/lib/components/forms/stories/EditNote.stories.svelte b/src/lib/components/forms/stories/EditNote.stories.svelte
index 061a2c48a..924d3c884 100644
--- a/src/lib/components/forms/stories/EditNote.stories.svelte
+++ b/src/lib/components/forms/stories/EditNote.stories.svelte
@@ -15,7 +15,7 @@
   import doc from "@/test/fixtures/documents/document-expanded.json";
 
   const document = doc as Document;
-  const note = document.notes[0];
+  const note = document.notes?.[0]!;
 </script>
 
 <Story name="New note">
diff --git a/src/lib/components/forms/stories/RemoveCollaborator.stories.svelte b/src/lib/components/forms/stories/RemoveCollaborator.stories.svelte
index b8ee14dd3..e1640ce21 100644
--- a/src/lib/components/forms/stories/RemoveCollaborator.stories.svelte
+++ b/src/lib/components/forms/stories/RemoveCollaborator.stories.svelte
@@ -9,7 +9,7 @@
   };
 
   import { project, projectUsers } from "@/test/fixtures/projects";
-  const user = projectUsers.results[0];
+  const user = projectUsers.results[0]!;
 </script>
 
 <Story name="default">
diff --git a/src/lib/components/forms/stories/UpdateCollaborator.stories.svelte b/src/lib/components/forms/stories/UpdateCollaborator.stories.svelte
index c6c20ff21..c87a3a302 100644
--- a/src/lib/components/forms/stories/UpdateCollaborator.stories.svelte
+++ b/src/lib/components/forms/stories/UpdateCollaborator.stories.svelte
@@ -9,7 +9,7 @@
   };
 
   import { project, projectUsers } from "@/test/fixtures/projects";
-  const user = projectUsers.results[0];
+  const user = projectUsers.results[0]!;
 </script>
 
 <Story name="default">
diff --git a/src/lib/components/inputs/AccessLevel.svelte b/src/lib/components/inputs/AccessLevel.svelte
index 2202e0310..4fe18a533 100644
--- a/src/lib/components/inputs/AccessLevel.svelte
+++ b/src/lib/components/inputs/AccessLevel.svelte
@@ -41,7 +41,7 @@
   ];
 
   export let name: string;
-  export let selected: Access = levels[0].value;
+  export let selected: Access = levels[0]!.value;
   export let direction: "column" | "row" = "column";
 </script>
 
diff --git a/src/lib/components/inputs/Checkbox.svelte b/src/lib/components/inputs/Checkbox.svelte
index 06722be3a..f7ec7848e 100644
--- a/src/lib/components/inputs/Checkbox.svelte
+++ b/src/lib/components/inputs/Checkbox.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   import { Check16, Dash16 } from "svelte-octicons";
 
-  export let name: string = undefined;
+  export let name: undefined | string = undefined;
   export let disabled = false;
   export let value = false;
   export let indeterminate = false;
diff --git a/src/lib/components/inputs/Choices.svelte b/src/lib/components/inputs/Choices.svelte
index 3d8a7d09c..8d66ff153 100644
--- a/src/lib/components/inputs/Choices.svelte
+++ b/src/lib/components/inputs/Choices.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   export let name: string;
   export let defaultValue: string = "";
-  export let value: string = defaultValue || null;
+  export let value: null | string = defaultValue || null;
   export let required: boolean = false;
   export let choices: string[] = [];
 </script>
diff --git a/src/lib/components/inputs/Dropzone.svelte b/src/lib/components/inputs/Dropzone.svelte
index 75199d10e..ca9cb76f1 100644
--- a/src/lib/components/inputs/Dropzone.svelte
+++ b/src/lib/components/inputs/Dropzone.svelte
@@ -31,7 +31,8 @@
 
   function handleDrop(e: DragEvent) {
     if (disabled) return;
-    onDrop(e.dataTransfer.files);
+    const files = e.dataTransfer?.files;
+    if (files) onDrop(files);
     active = false;
   }
 </script>
diff --git a/src/lib/components/inputs/File.svelte b/src/lib/components/inputs/File.svelte
index 731a9978d..442ba52a7 100644
--- a/src/lib/components/inputs/File.svelte
+++ b/src/lib/components/inputs/File.svelte
@@ -8,11 +8,11 @@
   import { DOCUMENT_TYPES } from "@/config/config.js";
   import Button from "$lib/components/common/Button.svelte";
 
-  export let name: string = null;
+  export let name: null | string = null;
   export let onFileSelect: (files: FileList) => void;
   export let multiple = false;
   export let buttonMode: ComponentProps<Button>["mode"] = "primary";
-  export let files: FileList = null;
+  export let files: null | FileList = null;
   export let disabled = false;
 
   // Bound to the file picker input
@@ -24,12 +24,12 @@
 
   function handleFiles() {
     const fileList = picker.files;
-    if (fileList.length > 0) {
+    if (fileList && fileList.length > 0) {
       // Clone the file list so the input can be safely cleared
       const listCopy: FileList = Object.assign([], fileList);
       onFileSelect(listCopy);
     }
-    picker.value = null;
+    picker.value = "";
   }
 </script>
 
diff --git a/src/lib/components/inputs/Number.svelte b/src/lib/components/inputs/Number.svelte
index ce7d41bd5..b2cf6217a 100644
--- a/src/lib/components/inputs/Number.svelte
+++ b/src/lib/components/inputs/Number.svelte
@@ -3,15 +3,15 @@
 -->
 
 <script lang="ts">
-  export let name: string = null;
+  export let name: null | string = null;
   export let placeholder = "";
-  export let value: number = undefined;
+  export let value: undefined | number = undefined;
   export let autofocus = false;
   export let required = false;
   export let disabled = false;
-  export let min: number = undefined;
-  export let max: number = undefined;
-  export let step: number = undefined;
+  export let min: undefined | number = undefined;
+  export let max: undefined | number = undefined;
+  export let step: undefined | number = undefined;
 </script>
 
 <!-- svelte-ignore a11y-autofocus -->
diff --git a/src/lib/components/inputs/ProjectAccess.svelte b/src/lib/components/inputs/ProjectAccess.svelte
index 24dfe9ff0..44a0ad254 100644
--- a/src/lib/components/inputs/ProjectAccess.svelte
+++ b/src/lib/components/inputs/ProjectAccess.svelte
@@ -35,7 +35,7 @@ Project access input
   ];
 
   export let name: string = "access";
-  export let selected = levels[0].value;
+  export let selected = levels[0]?.value;
 </script>
 
 <Flex direction="column" gap={0.5}>
diff --git a/src/lib/components/inputs/Selection.svelte b/src/lib/components/inputs/Selection.svelte
index 0cd697daa..a61cf0374 100644
--- a/src/lib/components/inputs/Selection.svelte
+++ b/src/lib/components/inputs/Selection.svelte
@@ -8,9 +8,9 @@
   import { _ } from "svelte-i18n";
 
   export let documents = new Set();
-  export let value = null;
-  export let query: string = undefined;
-  export let resultsCount: number = undefined;
+  export let value: null | Record<string, unknown> = null;
+  export let query: undefined | string = undefined;
+  export let resultsCount: undefined | number = undefined;
 
   const selected: Writable<Document[]> = getContext("selected");
 
diff --git a/src/lib/components/inputs/Switch.svelte b/src/lib/components/inputs/Switch.svelte
index 434a2a697..001abbe3a 100644
--- a/src/lib/components/inputs/Switch.svelte
+++ b/src/lib/components/inputs/Switch.svelte
@@ -1,10 +1,14 @@
 <script lang="ts">
-  export let name = null;
+  import type { Nullable } from "$lib/api/types";
+
+  export let name: Nullable<string> = null;
   export let checked = false;
   export let disabled = false;
 
-  function handleClick(event) {
-    const state = event.target.getAttribute("aria-checked");
+  function handleClick(event: MouseEvent) {
+    const state = (event.target as HTMLButtonElement).getAttribute(
+      "aria-checked",
+    );
     checked = state === "true" ? false : true;
   }
 </script>
diff --git a/src/lib/components/inputs/Text.svelte b/src/lib/components/inputs/Text.svelte
index e9c33e78b..81ca9d75a 100644
--- a/src/lib/components/inputs/Text.svelte
+++ b/src/lib/components/inputs/Text.svelte
@@ -3,7 +3,7 @@
 -->
 
 <script lang="ts">
-  export let name: string = null;
+  export let name: null | string = null;
   export let placeholder = "";
   export let value = "";
   export let autofocus = false;
diff --git a/src/lib/components/layouts/AddOnBrowser.svelte b/src/lib/components/layouts/AddOnBrowser.svelte
index ae5c71159..8bc0483ec 100644
--- a/src/lib/components/layouts/AddOnBrowser.svelte
+++ b/src/lib/components/layouts/AddOnBrowser.svelte
@@ -90,7 +90,7 @@
       {#await addons}
         <Empty icon={Hourglass24}>{$_("addonBrowserDialog.loading")}</Empty>
       {:then { data: page }}
-        {#each page.results as addon}
+        {#each page?.results ?? [] as addon}
           <ListItem {addon} />
         {:else}
           <Empty icon={Plug24}>{$_("addonBrowserDialog.empty")}</Empty>
@@ -105,10 +105,14 @@
             <Paginator />
           {:then { data: page }}
             <Paginator
-              has_next={Boolean(page.next)}
-              has_previous={Boolean(page.previous)}
-              on:next={() => paginate(page.next)}
-              on:previous={() => paginate(page.previous)}
+              has_next={Boolean(page?.next)}
+              has_previous={Boolean(page?.previous)}
+              on:next={() => {
+                if (page?.next) paginate(page.next);
+              }}
+              on:previous={() => {
+                if (page?.previous) paginate(page.previous);
+              }}
             />
           {/await}
         </svelte:fragment>
@@ -120,16 +124,20 @@
       <Empty icon={Hourglass24}>{$_("addonBrowserDialog.loading")}</Empty>
     {:then { data: events }}
       <Scheduled
-        events={events.results}
-        next={events.next}
-        previous={events.previous}
+        events={events?.results ?? []}
+        next={events?.next}
+        previous={events?.previous}
       />
     {/await}
 
     {#await runs}
       <Empty icon={Hourglass24}>{$_("addonBrowserDialog.loading")}</Empty>
     {:then { data: runs }}
-      <History runs={runs.results} next={runs.next} previous={runs.previous} />
+      <History
+        runs={runs?.results ?? []}
+        next={runs?.next}
+        previous={runs?.previous}
+      />
     {/await}
   </aside>
 </div>
diff --git a/src/lib/components/layouts/AddOnLayout.svelte b/src/lib/components/layouts/AddOnLayout.svelte
index 8f37d42da..2020d6079 100644
--- a/src/lib/components/layouts/AddOnLayout.svelte
+++ b/src/lib/components/layouts/AddOnLayout.svelte
@@ -122,11 +122,15 @@
           {#await history}
             <Empty icon={Hourglass24}>{$_("common.loading")}</Empty>
           {:then history}
-            <History
-              runs={history.results}
-              next={history.next}
-              previous={history.previous}
-            />
+            {#if history}
+              <History
+                runs={history.results}
+                next={history.next}
+                previous={history.previous}
+              />
+            {:else}
+              <Empty>{$_("addonDispatchDialog.noHistory")}</Empty>
+            {/if}
           {/await}
         </div>
       {:else}
diff --git a/src/lib/components/layouts/DocumentBrowser.svelte b/src/lib/components/layouts/DocumentBrowser.svelte
index 2be128725..4e1046fa5 100644
--- a/src/lib/components/layouts/DocumentBrowser.svelte
+++ b/src/lib/components/layouts/DocumentBrowser.svelte
@@ -1,5 +1,10 @@
 <script lang="ts">
-  import type { APIResponse, DocumentResults, Project } from "$lib/api/types";
+  import type {
+    APIResponse,
+    DocumentResults,
+    Nullable,
+    Project,
+  } from "$lib/api/types";
 
   import { goto } from "$app/navigation";
 
@@ -60,7 +65,7 @@
 
   export let documents: Promise<APIResponse<DocumentResults, any>>;
   export let query: string = "";
-  export let project: Project = null;
+  export let project: Nullable<Project> = null;
   export let uiText: UITextProps = {
     loading: $_("common.loading"),
     error: $_("common.error"),
@@ -81,20 +86,23 @@
     deleted: Set<string>,
     searchResults?: DocumentResults, // optional params must come second
   ): DocumentResults {
+    if (!searchResults)
+      return { count: 0, results: [], next: null, previous: null };
     if (deleted.size === 0) return searchResults;
 
     const filtered =
-      searchResults?.results.filter((d) => !deleted.has(String(d.id))) ?? [];
+      searchResults.results.filter((d) => !deleted.has(String(d.id))) ?? [];
 
     return {
       ...searchResults,
       results: filtered,
-      count: searchResults.count - deleted.size,
+      count: (searchResults.count ?? filtered.length) - deleted.size,
     };
   }
 
-  function selectAll(e) {
-    if (e.target.checked) {
+  function selectAll(e: Event) {
+    const target = e.target as HTMLInputElement;
+    if (target.checked) {
       $selected = [...$visible];
     } else {
       $selected = [];
diff --git a/src/lib/components/layouts/DocumentLayout.svelte b/src/lib/components/layouts/DocumentLayout.svelte
index 991fffa5a..ed0b4e3ab 100644
--- a/src/lib/components/layouts/DocumentLayout.svelte
+++ b/src/lib/components/layouts/DocumentLayout.svelte
@@ -6,7 +6,6 @@
   import type {
     AddOnListItem,
     APIResponse,
-    DocumentText,
     Page,
     Project,
   } from "$lib/api/types";
@@ -33,12 +32,13 @@
   const me = getCurrentUser();
 
   export let documentStore = getDocument();
-  export let text: DocumentText = getText();
+  export let text = getText();
   export let action: string = "";
   export let addons: Promise<APIResponse<Page<AddOnListItem>>>;
 
   $: document = $documentStore;
   $: projects = (document.projects ?? []) as Project[];
+  $: access = getLevel(document.access);
 </script>
 
 <SidebarLayout>
@@ -55,9 +55,11 @@
 
   <aside class="column between" slot="action">
     <Flex direction="column" gap={2}>
-      <div style="font-size: var(--font-xl)">
-        <Access level={getLevel(document.access)} />
-      </div>
+      {#if access}
+        <div style="font-size: var(--font-xl)">
+          <Access level={access} />
+        </div>
+      {/if}
       {#if document.access === "organization" && isOrg(document.organization)}
         <Metadata key={$_("sidebar.sharedWith")}>
           <Flex>
@@ -66,7 +68,9 @@
           </Flex>
         </Metadata>
       {/if}
-      <Actions {document} user={$me} {action} />
+      {#if $me}
+        <Actions {document} user={$me} {action} />
+      {/if}
 
       <AddOns pinnedAddOns={addons} query="+document:{document.id}" />
     </Flex>
diff --git a/src/lib/components/layouts/Flatpage.svelte b/src/lib/components/layouts/Flatpage.svelte
index 81f88e932..ecdb305af 100644
--- a/src/lib/components/layouts/Flatpage.svelte
+++ b/src/lib/components/layouts/Flatpage.svelte
@@ -9,9 +9,15 @@
 
   $: markdownContent = renderMarkdown(content);
 
+  interface Heading {
+    text: string;
+    id: string;
+    level: number;
+  }
+
   let contentElem: HTMLElement;
   let sidebarElem: HTMLDivElement;
-  let headers: HTMLHeadingElement[];
+  let headers: Heading[];
 
   onMount(() => {
     headers = injectLinkReferences();
@@ -21,15 +27,15 @@
   function injectLinkReferences() {
     if (!contentElem) {
       console.warn("No content element");
-      return;
+      return [];
     }
 
     const headers = contentElem.querySelectorAll("h1, h2, h3, h4, h5, h6");
 
-    const contents = [];
+    const contents: Heading[] = [];
     headers.forEach((header, i) => {
       contents.push({
-        text: header.textContent.trim(),
+        text: header.textContent?.trim() ?? "",
         id: header.id,
         level: parseInt(header.tagName.substring(1)),
       });
@@ -48,7 +54,7 @@
   }
 
   // Build table of contents
-  function buildToc(headers: HTMLHeadingElement[]) {
+  function buildToc(headers: Heading[]) {
     let root = { children: [] };
 
     const addNode = (node: Node, level: number, tree: HTMLElement) => {
@@ -85,7 +91,7 @@
 
     // Strip single TOC root items
     while (root.children.length === 1) {
-      root = root.children[0];
+      root = root.children[0] ?? { children: [] };
     }
 
     function generateToc(tree, depth = 0, first = true) {
diff --git a/src/lib/components/layouts/Modal.svelte b/src/lib/components/layouts/Modal.svelte
index 63e7837dd..50bdb18b7 100644
--- a/src/lib/components/layouts/Modal.svelte
+++ b/src/lib/components/layouts/Modal.svelte
@@ -11,11 +11,13 @@ of the $modal store. These are used to set the active modal on any given page.
   import type { ComponentType, SvelteComponent } from "svelte";
   import { writable, type Writable } from "svelte/store";
 
-  export type ModalContext = Writable<{
-    title?: string;
-    component: ComponentType<SvelteComponent>;
-    props?: any;
-  }>;
+  export type ModalContext = Writable<
+    Nullable<{
+      title?: string;
+      component: ComponentType<SvelteComponent>;
+      props?: any;
+    }>
+  >;
 
   export const modal: ModalContext = writable(null);
   export const MODAL = "modal"; // constant for context
@@ -27,6 +29,7 @@ of the $modal store. These are used to set the active modal on any given page.
   import { fade, fly } from "svelte/transition";
   import { XCircle24 } from "svelte-octicons";
   import Button from "../common/Button.svelte";
+  import type { Nullable } from "$lib/api/types";
 
   const dispatch = createEventDispatcher();
 
diff --git a/src/lib/components/layouts/Navigation.svelte b/src/lib/components/layouts/Navigation.svelte
index 785e74944..c40356a94 100644
--- a/src/lib/components/layouts/Navigation.svelte
+++ b/src/lib/components/layouts/Navigation.svelte
@@ -51,16 +51,18 @@
     </slot>
     {#if !BREAKPOINTS.BOTTOM_NAV}
       <SignedIn>
-        <Flex>
-          {#await Promise.all([$user_orgs, $org_users]) then [orgs, users]}
-            <OrgMenu
-              active_org={$org}
-              {orgs}
-              users={inMyOrg($org.id, $me.id, users)}
-            />
-          {/await}
-          <UserMenu user={$me} />
-        </Flex>
+        {#if $me}
+          <Flex>
+            {#await Promise.all([$user_orgs, $org_users]) then [orgs, users]}
+              <OrgMenu
+                active_org={$org}
+                {orgs}
+                users={inMyOrg($org.id, $me.id, users)}
+              />
+            {/await}
+            <UserMenu user={$me} />
+          </Flex>
+        {/if}
         <Button slot="signedOut" mode="primary" href={sign_in_url.href}>
           {$_("authSection.user.signIn")}
         </Button>
@@ -93,12 +95,14 @@
 {#if BREAKPOINTS.BOTTOM_NAV}
   <nav class="bottom-nav">
     <SignedIn>
-      <Flex>
-        {#await Promise.all([$user_orgs, $org_users]) then [orgs, users]}
-          <OrgMenu position="top-start" active_org={$org} {orgs} {users} />
-        {/await}
-        <UserMenu position="top-start" user={$me} />
-      </Flex>
+      {#if $me}
+        <Flex>
+          {#await Promise.all([$user_orgs, $org_users]) then [orgs, users]}
+            <OrgMenu position="top-start" active_org={$org} {orgs} {users} />
+          {/await}
+          <UserMenu position="top-start" user={$me} />
+        </Flex>
+      {/if}
       <Button slot="signedOut" mode="primary" href={SIGN_IN_URL}>
         {$_("authSection.user.signIn")}
       </Button>
diff --git a/src/lib/components/layouts/Sidebar.svelte b/src/lib/components/layouts/Sidebar.svelte
index 7f8535aeb..2d9a3b5fa 100644
--- a/src/lib/components/layouts/Sidebar.svelte
+++ b/src/lib/components/layouts/Sidebar.svelte
@@ -33,9 +33,11 @@
   export let id: string;
   export let position: "left" | "right" = "left";
 
-  let viewWidth: number = Boolean(browser) ? window.innerWidth : undefined;
+  let viewWidth: undefined | number = Boolean(browser)
+    ? window.innerWidth
+    : undefined;
 
-  $: isSmall = viewWidth < 64 * 16;
+  $: isSmall = viewWidth ? viewWidth < 64 * 16 : false;
   $: {
     $sidebars[id] = isSmall ? false : true;
   }
diff --git a/src/lib/components/layouts/Toaster.svelte b/src/lib/components/layouts/Toaster.svelte
index 6e883d3f1..0dca92089 100644
--- a/src/lib/components/layouts/Toaster.svelte
+++ b/src/lib/components/layouts/Toaster.svelte
@@ -1,8 +1,8 @@
 <script lang="ts" context="module">
-  import type { SvelteComponent } from "svelte";
+  import type { ComponentType, SvelteComponent } from "svelte";
   import { writable } from "svelte/store";
 
-  type ToastContents<P = any> = string | typeof SvelteComponent<P>;
+  type ToastContents = string | ComponentType;
 
   interface ToastOptions<P = any> {
     status?: "info" | "success" | "warning" | "error";
@@ -10,9 +10,9 @@
     props?: P;
   }
 
-  interface ToastItem<P = any> extends ToastOptions {
+  interface ToastItem extends ToastOptions {
     id?: string | number;
-    contents: ToastContents<P>;
+    contents: ToastContents;
   }
 
   function addToast(newToast: ToastItem, prev: ToastItem[]) {
@@ -23,7 +23,7 @@
   export const toasts = writable<ToastItem[]>([]);
 
   export function toast<P>(
-    contents: ToastContents<P>,
+    contents: ToastContents,
     options: ToastOptions<P> = {},
   ) {
     toasts.update((prev) => addToast({ contents, ...options }, prev));
diff --git a/src/lib/components/layouts/tests/Toaster.test.ts b/src/lib/components/layouts/tests/Toaster.test.ts
index 4b6cc67b4..49720ceaa 100644
--- a/src/lib/components/layouts/tests/Toaster.test.ts
+++ b/src/lib/components/layouts/tests/Toaster.test.ts
@@ -23,8 +23,8 @@ describe("toast", () => {
     const current = get(toasts);
     // Check that the notification has been added with the correct ID
     expect(current).toHaveLength(1);
-    expect(current[0].id).toBe(1620000000000);
-    expect(current[0].contents).toBe("Hello world");
+    expect(current[0]?.id).toBe(1620000000000);
+    expect(current[0]?.contents).toBe("Hello world");
   });
 });
 
diff --git a/src/lib/components/navigation/LanguageMenu.svelte b/src/lib/components/navigation/LanguageMenu.svelte
index 12523f46a..da82c6247 100644
--- a/src/lib/components/navigation/LanguageMenu.svelte
+++ b/src/lib/components/navigation/LanguageMenu.svelte
@@ -27,7 +27,7 @@
   <!-- Language Menu -->
   <Dropdown {position}>
     <SidebarItem slot="anchor">
-      <span class="flag" slot="start">{currentLang[2]}</span>
+      <span class="flag" slot="start">{currentLang?.[2]}</span>
       <!-- <span class="lang">{currentLang[0]}</span> -->
       <div class="dropdownArrow" slot="end">
         {#if position.includes("bottom")}
diff --git a/src/lib/components/navigation/OrgMenu.svelte b/src/lib/components/navigation/OrgMenu.svelte
index 559ef82ee..0c925271f 100644
--- a/src/lib/components/navigation/OrgMenu.svelte
+++ b/src/lib/components/navigation/OrgMenu.svelte
@@ -45,7 +45,10 @@
   // wrapping setOrg here
   async function switchOrg(org: Org) {
     const csrf_token = getCsrfToken();
-
+    if (!csrf_token) {
+      console.error("Missing CSRF token");
+      return;
+    }
     await setOrg(org.id, csrf_token);
     await invalidateAll();
   }
@@ -94,7 +97,7 @@
   </svelte:fragment>
   <Menu slot="default" let:close>
     <div class="menu-inner" class:sm={width <= remToPx(32)}>
-      {#if isPremium}
+      {#if isPremium && active_org.monthly_credits && active_org.credit_reset_date}
         <MenuInsert>
           <CreditMeter
             id="org-credits"
diff --git a/src/lib/components/navigation/tests/Breadcrumbs.test.ts b/src/lib/components/navigation/tests/Breadcrumbs.test.ts
index befcb8bdb..a8cca4b4c 100644
--- a/src/lib/components/navigation/tests/Breadcrumbs.test.ts
+++ b/src/lib/components/navigation/tests/Breadcrumbs.test.ts
@@ -8,7 +8,7 @@ describe("Breadcrumbs", () => {
     const result = render(Breadcrumbs);
     const links = result.getAllByRole("link");
     expect(links[0]).toHaveAttribute("href", "/");
-    expect(links[0].getElementsByTagName("svg")[0]).toEqual(
+    expect(links[0]!.getElementsByTagName("svg")[0]).toEqual(
       render(Logo).container.getElementsByTagName("svg")[0],
     );
   });
@@ -21,8 +21,8 @@ describe("Breadcrumbs", () => {
     const links = result.getAllByRole("link");
     links.forEach((link, index) => {
       if (index > 0) {
-        expect(link).toHaveAttribute("href", trail[index - 1].href);
-        expect(link).toHaveAttribute("title", trail[index - 1].title);
+        expect(link).toHaveAttribute("href", trail[index - 1]!.href);
+        expect(link).toHaveAttribute("title", trail[index - 1]!.title);
       }
     });
   });
diff --git a/src/lib/components/onboarding/GuidedTour.svelte b/src/lib/components/onboarding/GuidedTour.svelte
index 3f290f121..3056d13b3 100644
--- a/src/lib/components/onboarding/GuidedTour.svelte
+++ b/src/lib/components/onboarding/GuidedTour.svelte
@@ -5,7 +5,7 @@
   and if the user hasn't already taken it, we'll prompt them to take the guided tour.
  -->
 <script lang="ts" context="module">
-  import type { Maybe } from "$lib/api/types";
+  import type { Maybe, Nullable } from "$lib/api/types";
 
   import "driver.js/dist/driver.css";
 
@@ -29,17 +29,18 @@
 
   type Tours = Record<string, boolean>;
 
-  export function getRoute(): Maybe<string> {
+  export function getRoute(): Maybe<Nullable<string>> {
     return get(page)?.route?.id;
   }
 
-  export function getScript(route?: string): Maybe<DriveStep[]> {
+  export function getScript(route?: Nullable<string>): Maybe<DriveStep[]> {
     const currentRoute = route ?? getRoute();
+    if (!currentRoute) return;
     return scripts[currentRoute];
   }
 
   export function getTourHistory(): Tours {
-    return storage.get<Tours, {}>("tours", {});
+    return storage.get<Tours, {}>("tours", {}) ?? {};
   }
 
   export function startTour(): void {
@@ -49,11 +50,12 @@
   export function endTour(): void {
     const route = getRoute();
     const history = getTourHistory();
+    if (!route) return;
     storage.set("tours", { ...history, [route]: false });
     driverObj.destroy();
   }
 
-  export function isTourAvailable(route?: string): boolean {
+  export function isTourAvailable(route?: Nullable<string>): boolean {
     return Boolean(getScript(route));
   }
 </script>
@@ -76,6 +78,7 @@
       // should we start the tour?
       const currentRoute = getRoute();
       const history = getTourHistory();
+      if (!currentRoute) return;
       const offerTour = history[currentRoute] ?? true;
       if ($user && offerTour) {
         startTour();
diff --git a/src/lib/components/processing/AddOns.svelte b/src/lib/components/processing/AddOns.svelte
index 10ab16dff..db8ee4fbb 100644
--- a/src/lib/components/processing/AddOns.svelte
+++ b/src/lib/components/processing/AddOns.svelte
@@ -5,7 +5,6 @@ This component should update on a timer.
 <script lang="ts">
   import type { Run } from "@/addons/types";
 
-  import { afterUpdate, onMount, onDestroy } from "svelte";
   import { flip } from "svelte/animate";
   import { _ } from "svelte-i18n";
   import { Plug16, Thumbsdown16, Thumbsup16, XCircle16 } from "svelte-octicons";
@@ -17,12 +16,12 @@ This component should update on a timer.
   import Flex from "../common/Flex.svelte";
   import Process from "./Process.svelte";
 
-  import { POLL_INTERVAL } from "@/config/config";
   import { history, dismiss, cancel, rate } from "$lib/api/addons";
   import { getCsrfToken } from "$lib/utils/api";
   import { getRunningAddons } from "./ProcessContext.svelte";
+  import type { Nullable } from "$lib/api/types";
 
-  let timeout: string | number | NodeJS.Timeout;
+  let timeout: Nullable<string | number | NodeJS.Timeout>;
 
   const running = getRunningAddons();
   /* 
@@ -43,24 +42,30 @@ This component should update on a timer.
   });
  */
   function stop() {
-    clearTimeout(timeout);
-    timeout = null;
+    if (timeout) {
+      clearTimeout(timeout);
+      timeout = null;
+    }
   }
 
   async function load() {
     const { data, error } = await history({ dismissed: false, per_page: 100 });
     if (!error) {
-      $running = data.results;
+      $running = data?.results;
     }
   }
 
   async function rateRun(rating: number, run: Run) {
     const csrftoken = getCsrfToken();
+    if (!csrftoken) {
+      console.error("No CSRF token");
+      return;
+    }
     const prevRating = run.rating;
     run = { ...run, rating }; // optimistic update
     const { data, error } = await rate(run.uuid, rating, csrftoken);
-    if (error) {
-      console.error(error.errors);
+    if (error || !data) {
+      console.error(error?.errors ?? "No data");
       run = { ...run, rating: prevRating }; // put it back
     } else {
       run = data;
@@ -69,10 +74,14 @@ This component should update on a timer.
 
   async function dismissRun(run: Run) {
     const csrftoken = getCsrfToken();
+    if (!csrftoken) {
+      console.error("No CSRF token");
+      return;
+    }
     run = { ...run, dismissed: true }; // optimistic update
     const { data, error } = await dismiss(run.uuid, csrftoken);
-    if (error) {
-      console.error(error.errors);
+    if (error || !data) {
+      console.error(error?.errors ?? "No data");
       run = { ...run, dismissed: false }; // put it back
     } else {
       run = data;
@@ -82,16 +91,20 @@ This component should update on a timer.
   // todo
   async function cancelRun(run: Run) {
     const csrftoken = getCsrfToken();
+    if (!csrftoken) {
+      console.error("No CSRF token");
+      return;
+    }
     const { status } = run;
     run = { ...run, status: "cancelled" }; // optimistic update
     const { data, error } = await cancel(run.uuid, csrftoken);
-    if (error) {
+    if (error || !data) {
       run = { ...run, status }; // put it back
     }
   }
 </script>
 
-{#if $running.length > 0}
+{#if $running?.length && $running.length > 0}
   <SidebarGroup name="processing.addons">
     <SidebarItem slot="title">
       <Plug16 slot="start" />
diff --git a/src/lib/components/processing/Documents.svelte b/src/lib/components/processing/Documents.svelte
index 9751b5f51..b631ef7d2 100644
--- a/src/lib/components/processing/Documents.svelte
+++ b/src/lib/components/processing/Documents.svelte
@@ -6,7 +6,7 @@ This component keeps track of pending items it has seen,
 so we can invalidate documents as they finish processing.
 -->
 <script context="module" lang="ts">
-  import type { Document, Nullable, Pending } from "$lib/api/types";
+  import type { Document, Maybe, Nullable, Pending } from "$lib/api/types";
 
   export function getProgress(process: Pending): number {
     const { texts, images, text_positions, pages } = process;
@@ -55,9 +55,9 @@ so we can invalidate documents as they finish processing.
   let documents: Map<number, Document> = new Map();
   let seen: Set<number> = new Set();
   let finished: number[] = [];
-  let timeout: string | number | NodeJS.Timeout;
+  let timeout: Nullable<string | number | NodeJS.Timeout>;
   let loading = false;
-  let reprocess: Nullable<Document> = null;
+  let reprocess: Nullable<Maybe<Document>> = null;
 
   const current = getPendingDocuments();
 
@@ -72,19 +72,19 @@ so we can invalidate documents as they finish processing.
   // update whenever $current changes
   $: update($current);
 
-  async function update(current: Pending[]) {
+  async function update(current: Maybe<Pending[]>) {
     // track our initial set
-    current.forEach((d) => seen.add(d.doc_id));
+    current?.forEach((d) => seen.add(d.doc_id));
 
-    const ids = new Set(current.map((d) => d.doc_id));
+    const ids = new Set(current?.map((d) => d.doc_id));
     const to_fetch = current
-      .filter((d) => !documents.has(d.doc_id))
+      ?.filter((d) => !documents.has(d.doc_id))
       .map((d) => d.doc_id);
 
-    if (to_fetch.length > 0) {
+    if (to_fetch?.length && to_fetch.length > 0) {
       const { data, error } = await list({ id__in: to_fetch.join(",") });
       if (!error) {
-        data.results.forEach((d) => documents.set(+d.id, d));
+        data?.results.forEach((d) => documents.set(+d.id, d));
         documents = documents;
       }
     }
@@ -106,42 +106,16 @@ so we can invalidate documents as they finish processing.
   async function load() {
     if (loading) return;
     loading = true;
-    if ($current.length === 0 || timeout) {
+    if ($current?.length === 0 || timeout) {
       $current = await pending();
     }
 
     // track our initial set
-    $current.forEach((d) => seen.add(d.doc_id));
-
-    const ids = new Set($current.map((d) => d.doc_id));
-    const to_fetch = $current
-      .filter((d) => !documents.has(d.doc_id))
-      .map((d) => d.doc_id);
-
-    if (to_fetch.length > 0) {
-      const { data, error } = await list({ id__in: to_fetch.join(",") });
-      if (!error) {
-        data.results.forEach((d) => documents.set(+d.id, d));
-        documents = documents;
-      }
-    }
-
-    // finished are seen IDs not in current
-    seen.forEach((id) => {
-      if (!ids.has(id)) {
-        finished.push(id);
-      }
-    });
-
-    // invalidate and empty our queue
-    while (finished.length > 1) {
-      const id = finished.pop();
-      invalidate(`documents:${id}`);
-    }
+    await update($current);
 
     // set the timer for next update if we still have pending
     loading = false;
-    if ($current.length > 0) {
+    if ($current?.length && $current.length > 0) {
       timeout = setTimeout(load, POLL_INTERVAL);
     } else {
       stop();
@@ -149,12 +123,14 @@ so we can invalidate documents as they finish processing.
   }
 
   function stop() {
-    clearTimeout(timeout);
-    timeout = null;
+    if (timeout) {
+      clearTimeout(timeout);
+      timeout = null;
+    }
   }
 </script>
 
-{#if $current.length}
+{#if $current?.length}
   <SidebarGroup name="processing.documents">
     <SidebarItem slot="title">
       <File16 slot="start" />
@@ -164,7 +140,7 @@ so we can invalidate documents as they finish processing.
       {@const document = documents.get(process.doc_id)}
       <div role="menuitem" animate:flip>
         <Process
-          name={document?.title}
+          name={document?.title ?? $_("processing.unknown")}
           href={document ? canonicalUrl(document).href : undefined}
           status={getStatus(process)}
           progress={getProgress(process)}
diff --git a/src/lib/components/processing/ProcessContext.svelte b/src/lib/components/processing/ProcessContext.svelte
index b9032e8ae..c9b535529 100644
--- a/src/lib/components/processing/ProcessContext.svelte
+++ b/src/lib/components/processing/ProcessContext.svelte
@@ -51,7 +51,7 @@ This makes the state of those processes available via context.
 
     // addons
     const { data, error } = await history({ dismissed: false, per_page: 100 });
-    if (!error) {
+    if (!error && data) {
       addons.set(data.results);
     }
   }
diff --git a/src/lib/components/processing/ProcessDrawer.svelte b/src/lib/components/processing/ProcessDrawer.svelte
index a78df9de7..9c7377edc 100644
--- a/src/lib/components/processing/ProcessDrawer.svelte
+++ b/src/lib/components/processing/ProcessDrawer.svelte
@@ -27,7 +27,7 @@
   const running = getRunningAddons();
   const current = getPendingDocuments();
 
-  $: addons = $running.reduce(
+  $: addons = $running?.reduce(
     (acc, cur) => {
       const curCount = acc[cur.status] ?? 0;
       acc[cur.status] = curCount + 1;
@@ -36,7 +36,7 @@
     {} as Record<Status, number>,
   );
 
-  $: documents = $current.reduce(
+  $: documents = $current?.reduce(
     (acc, cur) => {
       const status = getStatus(cur);
       const curCount = acc[status] ?? 0;
@@ -47,7 +47,7 @@
   );
 
   $: for (const status of Object.keys(totalCounts)) {
-    totalCounts[status] = (addons[status] || 0) + (documents[status] || 0);
+    totalCounts[status] = (addons?.[status] || 0) + (documents?.[status] || 0);
   }
 
   $: total = sumCounts(totalCounts);
diff --git a/src/lib/components/processing/stories/AddOns.stories.svelte b/src/lib/components/processing/stories/AddOns.stories.svelte
index e077f88f0..9ae8c8bd8 100644
--- a/src/lib/components/processing/stories/AddOns.stories.svelte
+++ b/src/lib/components/processing/stories/AddOns.stories.svelte
@@ -1,9 +1,7 @@
 <script context="module" lang="ts">
   import { Story } from "@storybook/addon-svelte-csf";
   import AddOns from "../AddOns.svelte";
-  import { progress } from "@/test/fixtures/addons/progress";
   import ProcessContext from "../ProcessContext.svelte";
-  import { writable } from "svelte/store";
 
   import { runs } from "@/test/handlers/addons";
 
diff --git a/src/lib/components/processing/stories/Documents.stories.svelte b/src/lib/components/processing/stories/Documents.stories.svelte
index 6eae607fb..91aa2ba1c 100644
--- a/src/lib/components/processing/stories/Documents.stories.svelte
+++ b/src/lib/components/processing/stories/Documents.stories.svelte
@@ -1,9 +1,7 @@
 <script context="module" lang="ts">
   import { Story } from "@storybook/addon-svelte-csf";
   import Documents from "../Documents.svelte";
-  import { pending } from "@/test/fixtures/documents/pending";
   import ProcessContext from "../ProcessContext.svelte";
-  import { writable } from "svelte/store";
 
   import * as mock from "@/test/handlers/documents";
 
diff --git a/src/lib/components/processing/stories/ProcessDrawer.stories.svelte b/src/lib/components/processing/stories/ProcessDrawer.stories.svelte
index 130227bae..a5e3ec70d 100644
--- a/src/lib/components/processing/stories/ProcessDrawer.stories.svelte
+++ b/src/lib/components/processing/stories/ProcessDrawer.stories.svelte
@@ -1,8 +1,5 @@
 <script context="module" lang="ts">
-  import { writable } from "svelte/store";
   import { Story } from "@storybook/addon-svelte-csf";
-  import { pending } from "@/test/fixtures/documents/pending";
-  import { progress } from "@/test/fixtures/addons/progress";
   import ProcessContext from "../ProcessContext.svelte";
   import ProcessDrawer from "../ProcessDrawer.svelte";
 
diff --git a/src/lib/components/projects/Collaborators.svelte b/src/lib/components/projects/Collaborators.svelte
index ba33416a8..63f5d97fe 100644
--- a/src/lib/components/projects/Collaborators.svelte
+++ b/src/lib/components/projects/Collaborators.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
   import type {
+    Nullable,
     Project,
     ProjectAccess,
     ProjectUser,
@@ -43,8 +44,8 @@
     remove: $_("collaborators.remove.label"),
   };
 
-  let show: "invite" | "update" | "remove" = null;
-  let user_to_update: ProjectUser = null;
+  let show: Nullable<"invite" | "update" | "remove"> = null;
+  let user_to_update: Nullable<ProjectUser> = null;
 
   // Do I belong to this project?
   $: isProjectUser = users.some((u) => u.user.id === $me?.id);
@@ -147,11 +148,11 @@
         <InviteCollaborator {project} on:close={hide} />
       {/if}
 
-      {#if show === "update"}
+      {#if show === "update" && user_to_update}
         <UpdateCollaborator {project} user={user_to_update} on:close={hide} />
       {/if}
 
-      {#if show === "remove"}
+      {#if show === "remove" && user_to_update}
         <RemoveCollaborator {project} user={user_to_update} on:close={hide} />
       {/if}
     </Modal>
diff --git a/src/lib/components/projects/ProjectPin.svelte b/src/lib/components/projects/ProjectPin.svelte
index d2967a605..897e43a93 100644
--- a/src/lib/components/projects/ProjectPin.svelte
+++ b/src/lib/components/projects/ProjectPin.svelte
@@ -29,6 +29,10 @@
   async function toggle(e) {
     e.preventDefault();
     const csrf_token = getCsrfToken();
+    if (!csrf_token) {
+      console.error("No CSRF token found");
+      return;
+    }
     const newPinnedState = !project.pinned;
 
     const { data, error } = await pinProject(
@@ -37,9 +41,9 @@
       csrf_token,
     );
 
-    if (error) {
+    if (error || !data) {
       project.pinned = !project.pinned;
-      console.error(error);
+      console.error(error ?? "Missing data");
     } else {
       project = data;
       await invalidate(canonicalUrl(project));
diff --git a/src/lib/components/projects/ProjectShare.svelte b/src/lib/components/projects/ProjectShare.svelte
index f292ded08..b752b98cd 100644
--- a/src/lib/components/projects/ProjectShare.svelte
+++ b/src/lib/components/projects/ProjectShare.svelte
@@ -8,7 +8,6 @@
   import Button from "../common/Button.svelte";
   import Field from "../common/Field.svelte";
   import FieldLabel from "../common/FieldLabel.svelte";
-  import Flex from "../common/Flex.svelte";
   import Text from "../inputs/Text.svelte";
   import TextArea from "../inputs/TextArea.svelte";
   import { toast } from "../layouts/Toaster.svelte";
diff --git a/src/lib/components/projects/stories/ProjectActions.stories.svelte b/src/lib/components/projects/stories/ProjectActions.stories.svelte
index 29c2197df..62831ae7a 100644
--- a/src/lib/components/projects/stories/ProjectActions.stories.svelte
+++ b/src/lib/components/projects/stories/ProjectActions.stories.svelte
@@ -1,5 +1,4 @@
 <script context="module" lang="ts">
-  import type { Project } from "@/lib/api/types";
   import { Story } from "@storybook/addon-svelte-csf";
   import ProjectActions from "../ProjectActions.svelte";
 
diff --git a/src/lib/components/sidebar/SidebarGroup.svelte b/src/lib/components/sidebar/SidebarGroup.svelte
index b7a1b582f..0a31904d1 100644
--- a/src/lib/components/sidebar/SidebarGroup.svelte
+++ b/src/lib/components/sidebar/SidebarGroup.svelte
@@ -4,7 +4,7 @@
   import { ChevronDown16 } from "svelte-octicons";
 
   export let collapsed = false;
-  export let name: string = undefined;
+  export let name: string | undefined = undefined;
 
   $: key = `SidebarGroup:${name}`;
 
diff --git a/src/lib/components/sidebar/SidebarItem.svelte b/src/lib/components/sidebar/SidebarItem.svelte
index fd325efda..49462e194 100644
--- a/src/lib/components/sidebar/SidebarItem.svelte
+++ b/src/lib/components/sidebar/SidebarItem.svelte
@@ -1,4 +1,6 @@
 <script lang="ts">
+  import type { Maybe } from "$lib/api/types";
+
   export let active = false;
   export let disabled = false;
   export let small = false;
@@ -6,10 +8,10 @@
   export let title = "";
   export let inline = false;
   // handling link behavior
-  export let href: string = undefined;
-  export let target: string = undefined;
-  export let rel: string = undefined;
-  export let download: boolean | string = undefined;
+  export let href: Maybe<string> = undefined;
+  export let target: Maybe<string> = undefined;
+  export let rel: Maybe<string> = undefined;
+  export let download: Maybe<boolean | string> = undefined;
 </script>
 
 {#if href}
diff --git a/src/lib/components/viewer/AnnotationLayer.svelte b/src/lib/components/viewer/AnnotationLayer.svelte
index ae8b6412e..3f313bb1b 100644
--- a/src/lib/components/viewer/AnnotationLayer.svelte
+++ b/src/lib/components/viewer/AnnotationLayer.svelte
@@ -54,8 +54,8 @@ Assumes it's a child of a ViewerContext
   $: edit_page_note =
     writing &&
     Boolean($currentNote) &&
-    isPageLevel($currentNote) &&
-    page_number === $currentNote.page_number;
+    isPageLevel($currentNote ?? {}) &&
+    page_number === $currentNote?.page_number;
 
   function getNoteId(note: NoteType) {
     return noteHashUrl(note).split("#")[1];
@@ -89,7 +89,7 @@ Assumes it's a child of a ViewerContext
   }
 
   function continueDrawingBox(e: PointerEvent) {
-    if (!drawing || !newNote) return;
+    if (!drawing || !newNote || !drawStart || !$newNote) return;
 
     const [x, y] = getLayerPosition(e);
     const [startX, startY] = drawStart;
@@ -112,7 +112,7 @@ Assumes it's a child of a ViewerContext
   }
 
   function finishDrawingBox(e: PointerEvent) {
-    if (!newNote || !drawing) return;
+    if (!newNote || !drawing || !$newNote) return;
 
     $newNote = {
       ...$newNote,
@@ -160,19 +160,19 @@ Assumes it's a child of a ViewerContext
   }
 
   function onEditNoteSuccess(
-    e: CustomEvent<Maybe<NoteType>>,
-    oldNote: Maybe<NoteType>,
+    e: CustomEvent<Maybe<Nullable<NoteType>>>,
+    oldNote: Maybe<Nullable<NoteType>>,
   ) {
     const editedNote = e.detail;
     // Make an optimistic update to the `$documentStore`,
     // which should be overwritten by invalidation.
     // Start by removing the old note from the notes array.
-    const newDocNotes = document.notes.filter(
+    const newDocNotes = document.notes?.filter(
       (note) => note.id !== oldNote?.id,
     );
     // When a note is added or edited, add or replace it in the array.
     // When it's deleted, `editedNote` will be undefined so we'll skip this.
-    if (editedNote) newDocNotes.push(editedNote);
+    if (editedNote) newDocNotes?.push(editedNote);
     // Update the $documentStore with new value for `document.notes`.
     documentStore.update((document) => ({ ...document, notes: newDocNotes }));
     // Finally, invalidate the document. After it's refetched, the
@@ -273,7 +273,7 @@ Assumes it's a child of a ViewerContext
 
       <EditNote
         {document}
-        note={$currentNote}
+        note={$currentNote ?? {}}
         {page_number}
         on:close={closeNote}
         on:success={(e) => onEditNoteSuccess(e, $currentNote)}
diff --git a/src/lib/components/viewer/Grid.svelte b/src/lib/components/viewer/Grid.svelte
index 6b91eb7cd..6002584ea 100644
--- a/src/lib/components/viewer/Grid.svelte
+++ b/src/lib/components/viewer/Grid.svelte
@@ -14,7 +14,7 @@
 
   import { IMAGE_WIDTHS_MAP } from "@/config/config.js";
   import { pageImageUrl } from "$lib/api/documents";
-  import { pageSizesFromSpec } from "@/api/pageSize.js";
+  import { pageSizesFromSpec } from "$lib/utils/pageSize";
   import {
     getDocument,
     getZoom,
@@ -37,7 +37,7 @@
   $: size = zoomToSize($zoom);
   $: sizes = pageSizesFromSpec(document.page_spec);
   $: scale = SCALE[size] ?? 1;
-  $: width = IMAGE_WIDTHS_MAP.get(size) / scale;
+  $: width = (IMAGE_WIDTHS_MAP.get(size) ?? 180) / scale;
 </script>
 
 <div class="pages" style:--image-width="{width}px">
diff --git a/src/lib/components/viewer/Note.svelte b/src/lib/components/viewer/Note.svelte
index e4a6ac980..5839236f2 100644
--- a/src/lib/components/viewer/Note.svelte
+++ b/src/lib/components/viewer/Note.svelte
@@ -110,6 +110,11 @@
 
   async function renderImage(canvas: HTMLCanvasElement, document: Document) {
     const context = canvas.getContext("2d");
+    if (!context) {
+      console.error("Missing canvas context when rendering image in note.");
+      return;
+    }
+
     const image = new Image();
 
     let src = pageImageUrl(document, page_number, SIZE);
@@ -139,9 +144,19 @@
 
   async function renderPDF(canvas: HTMLCanvasElement, pdf: PDFDocumentProxy) {
     const context = canvas.getContext("2d");
+    if (!context) {
+      console.error("Missing canvas context when rendering PDF in note.");
+      return;
+    }
+
     const page = await pdf.getPage(page_number);
     const [x, y, w, h] = page.view;
 
+    if (!w || !h) {
+      console.error("Missing page dimensions when rendering PDF in note.");
+      return;
+    }
+
     const offsetX = note.x1 * w * scale;
     const offsetY = note.y1 * h * scale;
     const noteWidth = width(note) * w * scale;
@@ -153,7 +168,7 @@
     });
 
     const dpr = window?.devicePixelRatio ?? 1;
-    const transform = dpr !== 1 ? [dpr, 0, 0, dpr, 0, 0] : null;
+    const transform = dpr !== 1 ? [dpr, 0, 0, dpr, 0, 0] : undefined;
 
     // set the pixel dimensions of the canvas
     canvas.width = Math.floor(noteWidth * dpr);
@@ -211,9 +226,11 @@
       <canvas width="0" height="0" bind:this={canvas}></canvas>
     </div>
   {/if}
-  <div class="content">
-    <p>{@html clean(note.content)}</p>
-  </div>
+  {#if note.content}
+    <div class="content">
+      <p>{@html clean(note.content)}</p>
+    </div>
+  {/if}
   <footer>
     <span class="access {note.access}">
       <svelte:component this={access[note.access].icon} />
diff --git a/src/lib/components/viewer/NoteTab.svelte b/src/lib/components/viewer/NoteTab.svelte
index 460eff06a..737fd9933 100644
--- a/src/lib/components/viewer/NoteTab.svelte
+++ b/src/lib/components/viewer/NoteTab.svelte
@@ -10,7 +10,7 @@
 
   export let access: Access | "" = "";
   export let size: "small" | "normal" = "normal";
-  export let title: string = undefined;
+  export let title: string | undefined = undefined;
 </script>
 
 <Tooltip caption={title} placement="right">
diff --git a/src/lib/components/viewer/Notes.svelte b/src/lib/components/viewer/Notes.svelte
index 8585a41b3..cbbbe3ddb 100644
--- a/src/lib/components/viewer/Notes.svelte
+++ b/src/lib/components/viewer/Notes.svelte
@@ -19,7 +19,7 @@ Assumes it's a child of a ViewerContext
   const embed = isEmbedded();
 
   $: document = $documentStore;
-  $: notes = document.notes;
+  $: notes = document.notes ?? [];
   $: annotate = getViewerHref({ document, mode: "annotating" });
 </script>
 
diff --git a/src/lib/components/viewer/PDFPage.svelte b/src/lib/components/viewer/PDFPage.svelte
index 56daa3ee2..714b9e8d6 100644
--- a/src/lib/components/viewer/PDFPage.svelte
+++ b/src/lib/components/viewer/PDFPage.svelte
@@ -82,8 +82,9 @@ Selectable text can be rendered in one of two ways:
   // handle 0 sizing when page_spec is unavailable
   $: if (page && width === 0 && height === 0) {
     page.then((p) => {
-      width = p.view[2];
-      height = p.view[3];
+      // It's safe to assume that PDFPageProxy.view is 4 elements long
+      width = p.view[2]!;
+      height = p.view[3]!;
     });
   }
 
diff --git a/src/lib/components/viewer/Page.svelte b/src/lib/components/viewer/Page.svelte
index 667db8587..c15c14fb7 100644
--- a/src/lib/components/viewer/Page.svelte
+++ b/src/lib/components/viewer/Page.svelte
@@ -23,7 +23,7 @@ Assumes it's a child of a ViewerContext
   export let wide = false;
   export let tall = false;
   export let track: boolean | "once" = false;
-  export let width: number = undefined;
+  export let width: number | undefined = undefined;
 
   const dispatch = createEventDispatcher();
 
@@ -46,6 +46,12 @@ Assumes it's a child of a ViewerContext
     embed,
   });
 
+  function isDOMRectReadOnly(
+    rect: null | undefined | DOMRect | DOMRectReadOnly,
+  ): rect is DOMRectReadOnly {
+    return Boolean(rect && "readonly" in rect);
+  }
+
   function watch(el: HTMLElement, once = false): IntersectionObserver {
     const io = new IntersectionObserver(
       (entries, observer) => {
@@ -65,8 +71,10 @@ Assumes it's a child of a ViewerContext
           const { boundingClientRect, rootBounds } = entry;
 
           if (
-            boundingClientRect?.top > rootBounds?.top &&
-            boundingClientRect?.top < rootBounds?.height / 2 &&
+            isDOMRectReadOnly(boundingClientRect) &&
+            isDOMRectReadOnly(rootBounds) &&
+            boundingClientRect.top > rootBounds.top &&
+            boundingClientRect.top < rootBounds.height / 2 &&
             currentPage // in case context is missing
           ) {
             $currentPage = page_number;
diff --git a/src/lib/components/viewer/ReadingToolbar.svelte b/src/lib/components/viewer/ReadingToolbar.svelte
index 70aa29c6b..956512abd 100644
--- a/src/lib/components/viewer/ReadingToolbar.svelte
+++ b/src/lib/components/viewer/ReadingToolbar.svelte
@@ -92,7 +92,7 @@ Assumes it's a child of a ViewerContext
       <Dropdown position="bottom-start">
         <SidebarItem slot="anchor">
           <svelte:component this={icons[$mode]} slot="start" />
-          {Array.from(readModes).find(([value]) => value === $mode)[1]}
+          {Array.from(readModes ?? []).find(([value]) => value === $mode)?.[1]}
           <ChevronDown12 slot="end" />
         </SidebarItem>
         <Menu slot="default" let:close>
diff --git a/src/lib/components/viewer/RedactionLayer.svelte b/src/lib/components/viewer/RedactionLayer.svelte
index a04e03e47..786d99579 100644
--- a/src/lib/components/viewer/RedactionLayer.svelte
+++ b/src/lib/components/viewer/RedactionLayer.svelte
@@ -3,7 +3,7 @@ This is a box to draw redactions on.
 It's layered over a PDF page and allows us to render redactions and draw new ones.
 -->
 <script context="module" lang="ts">
-  import type { Redaction } from "$lib/api/types";
+  import type { Redaction, Nullable } from "$lib/api/types";
   import { get, writable, type Writable } from "svelte/store";
 
   // active redactions
@@ -34,7 +34,7 @@ It's layered over a PDF page and allows us to render redactions and draw new one
   export let page_number: number; // 0-indexed
 
   let container: HTMLElement;
-  let currentRedaction: Redaction = null;
+  let currentRedaction: Nullable<Redaction> = null;
 
   $: redactions_for_page = [...$pending, ...$redactions].filter(
     (r) => r.page_number === page_number,
@@ -43,13 +43,13 @@ It's layered over a PDF page and allows us to render redactions and draw new one
   // handle interaction events
   let dragging = false;
 
-  function pointerdown(e) {
+  function pointerdown(e: PointerEvent) {
     if (!active) return;
 
     dragging = true;
 
     const { offsetX, offsetY } = e;
-    const { clientWidth, clientHeight } = e.target;
+    const { clientWidth, clientHeight } = e.target as HTMLElement;
 
     currentRedaction = {
       page_number,
@@ -60,11 +60,11 @@ It's layered over a PDF page and allows us to render redactions and draw new one
     };
   }
 
-  function pointermove(e) {
-    if (!dragging || !active) return;
+  function pointermove(e: PointerEvent) {
+    if (!dragging || !active || !currentRedaction) return;
 
     const { offsetX, offsetY } = e;
-    const { clientWidth, clientHeight } = e.target;
+    const { clientWidth, clientHeight } = e.target as HTMLElement;
 
     const x = offsetX / clientWidth;
     const y = offsetY / clientHeight;
@@ -78,11 +78,12 @@ It's layered over a PDF page and allows us to render redactions and draw new one
     };
   }
 
-  function pointerup(e) {
+  function pointerup(e: PointerEvent) {
     dragging = false;
+    if (!currentRedaction) return;
 
     const { offsetX, offsetY } = e;
-    const { clientWidth, clientHeight } = e.target;
+    const { clientWidth, clientHeight } = e.target as HTMLElement;
 
     const x = offsetX / clientWidth;
     const y = offsetY / clientHeight;
diff --git a/src/lib/components/viewer/Text.svelte b/src/lib/components/viewer/Text.svelte
index 2cca1efa1..f07c6f4b2 100644
--- a/src/lib/components/viewer/Text.svelte
+++ b/src/lib/components/viewer/Text.svelte
@@ -30,7 +30,7 @@
 </script>
 
 <div class="textPages" style:--zoom={+$zoom || 1}>
-  {#each text?.pages as { page, contents }}
+  {#each text?.pages ?? [] as { page, contents }}
     <Page page_number={page + 1} track>
       <pre>
         {@html highlight(contents, query)}
diff --git a/src/lib/components/viewer/ViewerContext.svelte b/src/lib/components/viewer/ViewerContext.svelte
index a744c88ab..2d443ec48 100644
--- a/src/lib/components/viewer/ViewerContext.svelte
+++ b/src/lib/components/viewer/ViewerContext.svelte
@@ -148,10 +148,13 @@ layouts, stories, and tests.
     note.id === noteFromHash($pageStore.url.hash);
 
   function scrollToHash(hash?: string) {
-    const page: Nullable<number> = pageFromHash(hash);
-    let el: Maybe<HTMLElement>;
+    const page: Nullable<number> = hash ? pageFromHash(hash) : null;
+    let el: Maybe<Nullable<HTMLElement>>;
     if (hash) {
-      el = window?.document.getElementById(hash.split("#")[1]);
+      const id = hash.split("#")[1];
+      if (id) {
+        el = window?.document.getElementById(id);
+      }
     }
     // Scroll to the element, if it's available, and update the current page
     if (el && page) {
@@ -162,7 +165,7 @@ layouts, stories, and tests.
 
   function onHashChange() {
     const { hash } = window.location;
-    $currentNote = $currentDoc.notes.find(noteMatchingPageHash);
+    $currentNote = $currentDoc.notes?.find(noteMatchingPageHash) ?? null;
     if (shouldPaginate($currentMode)) {
       scrollToHash(hash);
     }
@@ -188,7 +191,7 @@ layouts, stories, and tests.
     const { hash } = $pageStore.url;
     const hashPage = pageFromHash(hash);
     $currentMode = mode;
-    $currentNote = $currentDoc.notes.find(noteMatchingPageHash) ?? null;
+    $currentNote = $currentDoc.notes?.find(noteMatchingPageHash) ?? null;
     if (shouldPaginate(mode) && $currentPage !== hashPage) {
       scrollToHash(hash);
     }
diff --git a/src/lib/components/viewer/stories/AnnotationLayer.stories.svelte b/src/lib/components/viewer/stories/AnnotationLayer.stories.svelte
index 82060b41a..2832fbf2e 100644
--- a/src/lib/components/viewer/stories/AnnotationLayer.stories.svelte
+++ b/src/lib/components/viewer/stories/AnnotationLayer.stories.svelte
@@ -12,12 +12,12 @@
     parameters: { layout: "centered" },
   };
 
-  import { pageSizes } from "@/api/pageSize.js";
+  import { pageSizes } from "$lib/utils/pageSize";
   import doc from "@/test/fixtures/documents/document-expanded.json";
   import ViewerContext from "../ViewerContext.svelte";
 
   const document = doc as Document;
-  const sizes = pageSizes(document.page_spec);
+  const sizes = pageSizes(document.page_spec!);
 </script>
 
 <Story name="Reading">
diff --git a/src/lib/components/viewer/stories/PDFPage.stories.svelte b/src/lib/components/viewer/stories/PDFPage.stories.svelte
index 3aec5ae6c..a5ec14bb5 100644
--- a/src/lib/components/viewer/stories/PDFPage.stories.svelte
+++ b/src/lib/components/viewer/stories/PDFPage.stories.svelte
@@ -8,7 +8,7 @@
     "pdfjs-dist/build/pdf.worker.mjs",
     import.meta.url,
   ).href;
-  import { pageSizes } from "@/api/pageSize.js";
+  import { pageSizes } from "$lib/utils/pageSize";
 
   import doc from "@/test/fixtures/documents/examples/the-santa-anas.json";
   import textPositions from "@/test/fixtures/documents/examples/the-santa-anas-p1.position.json";
@@ -24,8 +24,8 @@
     parameters: { layout: "centered" },
   };
 
-  const sizes = pageSizes(document.page_spec);
-  const [width, height] = sizes[0];
+  const sizes = pageSizes(document.page_spec!);
+  const [width, height] = sizes[0]!;
   const query = "los angeles";
   const url = new URL(pdfFile, import.meta.url);
 
diff --git a/src/lib/components/viewer/stories/Viewer.stories.svelte b/src/lib/components/viewer/stories/Viewer.stories.svelte
index 98ef6bf6c..19b929295 100644
--- a/src/lib/components/viewer/stories/Viewer.stories.svelte
+++ b/src/lib/components/viewer/stories/Viewer.stories.svelte
@@ -48,7 +48,7 @@
     document: {
       ...document,
       edit_access: true,
-      notes: document.notes.map((note) => ({ ...note, edit_access: true })),
+      notes: document.notes?.map((note) => ({ ...note, edit_access: true })),
     },
   }}
 />
@@ -73,7 +73,7 @@
     document: {
       ...document,
       edit_access: true,
-      notes: document.notes.map((note) => ({ ...note, edit_access: true })),
+      notes: document.notes?.map((note) => ({ ...note, edit_access: true })),
     },
   }}
 />
diff --git a/src/lib/i18n/index.js b/src/lib/i18n/index.js
index 76e4e8b90..18530068b 100644
--- a/src/lib/i18n/index.js
+++ b/src/lib/i18n/index.js
@@ -5,7 +5,9 @@ import { LANGUAGES } from "@/config/config.js";
 const defaultLocale = "en";
 
 LANGUAGES.forEach(([name, code, flag]) => {
-  register(code, () => import(`@/langs/json/${code}.json`));
+  if (code) {
+    register(code, () => import(`@/langs/json/${code}.json`));
+  }
 });
 
 init({
diff --git a/src/lib/utils/api.ts b/src/lib/utils/api.ts
index d6a4d03d2..a95deaf65 100644
--- a/src/lib/utils/api.ts
+++ b/src/lib/utils/api.ts
@@ -1,6 +1,5 @@
 import type { NumericRange } from "@sveltejs/kit";
-import type { Page } from "@/api/types";
-import type { APIError, APIResponse } from "$lib/api/types";
+import type { APIResponse, Maybe, Page } from "$lib/api/types";
 import { CSRF_COOKIE_NAME, MAX_PER_PAGE } from "@/config/config";
 
 export function isErrorCode(status: number): status is NumericRange<400, 599> {
@@ -53,7 +52,7 @@ export async function getApiResponse<T, E = unknown>(
       response.error = {
         status: resp.status,
         message: resp.statusText,
-        errors: null,
+        errors: undefined,
       };
     }
 
@@ -140,14 +139,14 @@ export async function getPrivateAsset(
   return new URL(location);
 }
 
-export function getCsrfToken(document = globalThis.document): string {
+export function getCsrfToken(document = globalThis.document): Maybe<string> {
   if (typeof document === "undefined") return "";
   const [key, token] =
     document.cookie
       ?.split(";")
       ?.map((c) => c.split("="))
       // in case there's spaces in the cookie string, trim the key
-      ?.find(([k, v]) => k.trim() === CSRF_COOKIE_NAME) ?? [];
+      ?.find(([k, v]) => k?.trim() === CSRF_COOKIE_NAME) ?? [];
 
   return token;
 }
diff --git a/src/lib/utils/embed.ts b/src/lib/utils/embed.ts
index e2afb220b..9c102c85c 100644
--- a/src/lib/utils/embed.ts
+++ b/src/lib/utils/embed.ts
@@ -1,7 +1,7 @@
 export interface EmbedSettingOption {
   label: string;
   help: string;
-  value: number;
+  value: null | number;
 }
 
 export interface HiddenField {
@@ -23,7 +23,7 @@ export interface DimensionField {
 
 export interface EmbedSettingConfig {
   storageIndex: number;
-  defaultValue: number;
+  defaultValue: null | number;
   field: ToggleField | DimensionField | HiddenField;
 }
 
@@ -39,7 +39,7 @@ export let settings = {
   onlyshoworg: null,
 };
 
-export type EmbedSettings = typeof settings;
+export type EmbedSettings = Record<keyof typeof settings, null | number>;
 
 export const defaultSettings: EmbedSettings = {
   responsive: 1,
@@ -54,7 +54,7 @@ export const defaultSettings: EmbedSettings = {
 };
 
 export function createEmbedSearchParams(
-  params: Partial<typeof settings>,
+  params: Partial<EmbedSettings>,
 ): URLSearchParams {
   let searchParams: Record<string, string> = {};
   Object.entries(params).forEach(([key, value]) => {
@@ -64,9 +64,7 @@ export function createEmbedSearchParams(
   return new URLSearchParams(searchParams);
 }
 
-export function getEmbedSettings(
-  searchParams: URLSearchParams,
-): typeof settings {
+export function getEmbedSettings(searchParams: URLSearchParams): EmbedSettings {
   const embedSettings = Object.assign({}, defaultSettings);
   Object.keys(embedSettings).forEach((key) => {
     if (searchParams.has(key)) {
@@ -76,190 +74,189 @@ export function getEmbedSettings(
   return embedSettings;
 }
 
-export const settingsConfig: Record<keyof typeof settings, EmbedSettingConfig> =
-  {
-    responsive: {
-      storageIndex: 8, // out-of-order because added later
-      defaultValue: 1,
-      field: {
-        type: "toggle",
-        label: "dialogDocumentEmbedDialog.responsive",
-        options: [
-          {
-            label: "dialogDocumentEmbedDialog.respOn",
-            help: "dialogDocumentEmbedDialog.respOnHelp",
-            value: 1,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.respOff",
-            help: "dialogDocumentEmbedDialog.respOffHelp",
-            value: 0,
-          },
-        ],
-      },
-    },
-    width: {
-      storageIndex: 1,
-      defaultValue: null,
-      field: {
-        type: "dimension",
-        label: "dialogDocumentEmbedDialog.width",
-        automatic: {
-          label: "appearanceDimension.responsive",
-          help: "dialogDocumentEmbedDialog.widthAuto",
-          value: null,
+export const settingsConfig: Record<keyof EmbedSettings, EmbedSettingConfig> = {
+  responsive: {
+    storageIndex: 8, // out-of-order because added later
+    defaultValue: 1,
+    field: {
+      type: "toggle",
+      label: "dialogDocumentEmbedDialog.responsive",
+      options: [
+        {
+          label: "dialogDocumentEmbedDialog.respOn",
+          help: "dialogDocumentEmbedDialog.respOnHelp",
+          value: 1,
         },
-        fixed: {
-          label: "appearanceDimension.fixed",
-          help: "dialogDocumentEmbedDialog.widthFixed",
-          value: 500,
+        {
+          label: "dialogDocumentEmbedDialog.respOff",
+          help: "dialogDocumentEmbedDialog.respOffHelp",
+          value: 0,
         },
+      ],
+    },
+  },
+  width: {
+    storageIndex: 1,
+    defaultValue: null,
+    field: {
+      type: "dimension",
+      label: "dialogDocumentEmbedDialog.width",
+      automatic: {
+        label: "appearanceDimension.responsive",
+        help: "dialogDocumentEmbedDialog.widthAuto",
+        value: null,
+      },
+      fixed: {
+        label: "appearanceDimension.fixed",
+        help: "dialogDocumentEmbedDialog.widthFixed",
+        value: 500,
+      },
+    },
+  },
+  height: {
+    storageIndex: 2,
+    defaultValue: null,
+    field: {
+      type: "dimension",
+      label: "dialogDocumentEmbedDialog.height",
+      automatic: {
+        label: "appearanceDimension.responsive",
+        help: "dialogDocumentEmbedDialog.heightAuto",
+        value: null,
+      },
+      fixed: {
+        label: "appearanceDimension.fixed",
+        help: "dialogDocumentEmbedDialog.widthFixed",
+        value: 500,
       },
     },
-    height: {
-      storageIndex: 2,
-      defaultValue: null,
-      field: {
-        type: "dimension",
-        label: "dialogDocumentEmbedDialog.height",
-        automatic: {
-          label: "appearanceDimension.responsive",
-          help: "dialogDocumentEmbedDialog.heightAuto",
+  },
+  sidebar: {
+    storageIndex: 0,
+    defaultValue: null,
+    field: {
+      type: "toggle",
+      label: "dialogDocumentEmbedDialog.sidebarBehavior",
+      options: [
+        {
+          label: "dialogDocumentEmbedDialog.sbResponsive",
+          help: "dialogDocumentEmbedDialog.sbResponsiveHelp",
           value: null,
         },
-        fixed: {
-          label: "appearanceDimension.fixed",
-          help: "dialogDocumentEmbedDialog.widthFixed",
-          value: 500,
+        {
+          label: "dialogDocumentEmbedDialog.hidden",
+          help: "dialogDocumentEmbedDialog.sbHiddenHelp",
+          value: 0,
         },
-      },
-    },
-    sidebar: {
-      storageIndex: 0,
-      defaultValue: null,
-      field: {
-        type: "toggle",
-        label: "dialogDocumentEmbedDialog.sidebarBehavior",
-        options: [
-          {
-            label: "dialogDocumentEmbedDialog.sbResponsive",
-            help: "dialogDocumentEmbedDialog.sbResponsiveHelp",
-            value: null,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.hidden",
-            help: "dialogDocumentEmbedDialog.sbHiddenHelp",
-            value: 0,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.visible",
-            help: "dialogDocumentEmbedDialog.sbVisibleHelp",
-            value: 1,
-          },
-        ],
-      },
+        {
+          label: "dialogDocumentEmbedDialog.visible",
+          help: "dialogDocumentEmbedDialog.sbVisibleHelp",
+          value: 1,
+        },
+      ],
     },
-    title: {
-      storageIndex: 3,
-      defaultValue: 1,
-      field: {
-        type: "toggle",
-        label: "dialogDocumentEmbedDialog.titleBehavior",
-        options: [
-          {
-            label: "dialogDocumentEmbedDialog.visibleDefault",
-            help: "dialogDocumentEmbedDialog.tVisibleHelp",
-            value: 1,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.hidden",
-            help: "dialogDocumentEmbedDialog.tHiddenHelp",
-            value: 0,
-          },
-        ],
-      },
+  },
+  title: {
+    storageIndex: 3,
+    defaultValue: 1,
+    field: {
+      type: "toggle",
+      label: "dialogDocumentEmbedDialog.titleBehavior",
+      options: [
+        {
+          label: "dialogDocumentEmbedDialog.visibleDefault",
+          help: "dialogDocumentEmbedDialog.tVisibleHelp",
+          value: 1,
+        },
+        {
+          label: "dialogDocumentEmbedDialog.hidden",
+          help: "dialogDocumentEmbedDialog.tHiddenHelp",
+          value: 0,
+        },
+      ],
     },
-    pdf: {
-      storageIndex: 4,
-      defaultValue: null,
-      field: {
-        type: "toggle",
-        label: "dialogDocumentEmbedDialog.pdfLink",
-        options: [
-          {
-            label: "dialogDocumentEmbedDialog.visibleDefault",
-            help: "dialogDocumentEmbedDialog.plVisibleHelp",
-            value: null,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.hidden",
-            help: "dialogDocumentEmbedDialog.plHiddenHelp",
-            value: 0,
-          },
-        ],
-      },
+  },
+  pdf: {
+    storageIndex: 4,
+    defaultValue: null,
+    field: {
+      type: "toggle",
+      label: "dialogDocumentEmbedDialog.pdfLink",
+      options: [
+        {
+          label: "dialogDocumentEmbedDialog.visibleDefault",
+          help: "dialogDocumentEmbedDialog.plVisibleHelp",
+          value: null,
+        },
+        {
+          label: "dialogDocumentEmbedDialog.hidden",
+          help: "dialogDocumentEmbedDialog.plHiddenHelp",
+          value: 0,
+        },
+      ],
     },
-    text: {
-      storageIndex: 6,
-      defaultValue: null,
-      field: {
-        type: "toggle",
-        label: "dialogDocumentEmbedDialog.textMode",
-        options: [
-          {
-            label: "dialogDocumentEmbedDialog.visibleDefault",
-            help: "dialogDocumentEmbedDialog.tmVisibleHelp",
-            value: null,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.hidden",
-            help: "dialogDocumentEmbedDialog.tmHiddenHelp",
-            value: 0,
-          },
-        ],
-      },
+  },
+  text: {
+    storageIndex: 6,
+    defaultValue: null,
+    field: {
+      type: "toggle",
+      label: "dialogDocumentEmbedDialog.textMode",
+      options: [
+        {
+          label: "dialogDocumentEmbedDialog.visibleDefault",
+          help: "dialogDocumentEmbedDialog.tmVisibleHelp",
+          value: null,
+        },
+        {
+          label: "dialogDocumentEmbedDialog.hidden",
+          help: "dialogDocumentEmbedDialog.tmHiddenHelp",
+          value: 0,
+        },
+      ],
     },
-    fullscreen: {
-      storageIndex: 5,
-      defaultValue: null,
-      field: {
-        type: "toggle",
-        label: "dialogDocumentEmbedDialog.fullscreenOption",
-        options: [
-          {
-            label: "dialogDocumentEmbedDialog.visibleDefault",
-            help: "dialogDocumentEmbedDialog.fsVisibleHelp",
-            value: null,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.hidden",
-            help: "dialogDocumentEmbedDialog.fsHiddenHelp",
-            value: 0,
-          },
-        ],
-      },
+  },
+  fullscreen: {
+    storageIndex: 5,
+    defaultValue: null,
+    field: {
+      type: "toggle",
+      label: "dialogDocumentEmbedDialog.fullscreenOption",
+      options: [
+        {
+          label: "dialogDocumentEmbedDialog.visibleDefault",
+          help: "dialogDocumentEmbedDialog.fsVisibleHelp",
+          value: null,
+        },
+        {
+          label: "dialogDocumentEmbedDialog.hidden",
+          help: "dialogDocumentEmbedDialog.fsHiddenHelp",
+          value: 0,
+        },
+      ],
     },
-    onlyshoworg: {
-      storageIndex: 7,
-      defaultValue: null,
-      field: {
-        type: "toggle",
-        label: "dialogDocumentEmbedDialog.contributedByFormat",
-        options: [
-          {
-            label: "dialogDocumentEmbedDialog.cbfUserAndOrg",
-            help: "dialogDocumentEmbedDialog.cbfUserAndOrgHelp",
-            value: null,
-          },
-          {
-            label: "dialogDocumentEmbedDialog.cbfOrgOnly",
-            help: "dialogDocumentEmbedDialog.cbfOrgOnlyHelp",
-            value: 1,
-          },
-        ],
-      },
+  },
+  onlyshoworg: {
+    storageIndex: 7,
+    defaultValue: null,
+    field: {
+      type: "toggle",
+      label: "dialogDocumentEmbedDialog.contributedByFormat",
+      options: [
+        {
+          label: "dialogDocumentEmbedDialog.cbfUserAndOrg",
+          help: "dialogDocumentEmbedDialog.cbfUserAndOrgHelp",
+          value: null,
+        },
+        {
+          label: "dialogDocumentEmbedDialog.cbfOrgOnly",
+          help: "dialogDocumentEmbedDialog.cbfOrgOnlyHelp",
+          value: 1,
+        },
+      ],
     },
-  };
+  },
+};
 
 /**
  * Is this URL an embed or a regular view
diff --git a/src/lib/utils/files.ts b/src/lib/utils/files.ts
index 6d63172cd..13d159b26 100644
--- a/src/lib/utils/files.ts
+++ b/src/lib/utils/files.ts
@@ -1,3 +1,4 @@
+import type { Maybe } from "$lib/api/types";
 import {
   DOCUMENT_TYPES,
   PDF_SIZE_LIMIT,
@@ -6,23 +7,26 @@ import {
 
 const types = new Set(DOCUMENT_TYPES);
 
-export function getFileExtensionFromType(filetype?: string) {
+export function getFileExtensionFromType(filetype?: string): string {
   if (filetype?.includes("/")) {
-    return filetype.split("/")[1];
+    return filetype.split("/")[1] ?? "";
   }
-  return filetype;
+  return filetype ?? "";
 }
 
-export function getFileExtension(file: File) {
+export function getFileExtension(file?: File): string {
+  if (!file) return "";
   if (file.name.includes(".")) {
-    return file.name.toLowerCase().trim().split(".").pop();
+    return file.name.toLowerCase().trim().split(".").pop() ?? "";
   } else if (file.type) {
-    return getFileExtensionFromType(file.type);
+    return getFileExtensionFromType(file.type) ?? "";
   }
+  return "";
 }
 
-export function isSupported(file: File) {
+export function isSupported(file: File): boolean {
   const extension = getFileExtension(file);
+  if (!extension) return false;
   return types.has(extension);
 }
 
@@ -43,5 +47,6 @@ export function isWithinSizeLimit(file: File) {
 
 export function filenameToTitle(filename: string): string {
   const [name, ...ext] = filename.split(".");
+  if (!name) return filename;
   return name.replace(/_/g, " ");
 }
diff --git a/src/api/pageSize.js b/src/lib/utils/pageSize.ts
similarity index 98%
rename from src/api/pageSize.js
rename to src/lib/utils/pageSize.ts
index a0165dac5..6705a2ae4 100644
--- a/src/api/pageSize.js
+++ b/src/lib/utils/pageSize.ts
@@ -10,7 +10,7 @@ export function pageSizesFromSpec(pageSpec) {
   if (pageSpec.trim().length == 0) return [];
 
   const parts = pageSpec.split(";");
-  const sizes = [];
+  const sizes: number[] = [];
   for (let i = 0; i < parts.length; i++) {
     // Go through each part, e.g. 100x200:0-5
     const part = parts[i];
diff --git a/src/lib/utils/permissions.ts b/src/lib/utils/permissions.ts
index 310ea0cbe..6ac8507a7 100644
--- a/src/lib/utils/permissions.ts
+++ b/src/lib/utils/permissions.ts
@@ -1,7 +1,7 @@
 /** Checks whether users have permission to view, update, or delete resources. */
 
 import type { Writable } from "svelte/store";
-import type { User } from "@/api/types";
+import type { Nullable, User } from "$lib/api/types";
 
 import { getContext } from "svelte";
 
@@ -20,7 +20,7 @@ export function isSignedIn(user?: User | null): user is User {
 }
 
 /* Checks if the user can upload file. Must be verified journalist or staff. */
-export function canUploadFiles(user?: User): boolean {
+export function canUploadFiles(user?: Nullable<User>): boolean {
   if (!user) return false;
-  return user.verified_journalist || user.is_staff;
+  return Boolean(user.verified_journalist || user.is_staff);
 }
diff --git a/src/lib/utils/search.ts b/src/lib/utils/search.ts
index 173fcd2c9..fe4851887 100644
--- a/src/lib/utils/search.ts
+++ b/src/lib/utils/search.ts
@@ -1,4 +1,4 @@
-import type { User } from "@/api/types";
+import type { Nullable, User } from "$lib/api/types";
 import type { Access } from "../api/types";
 import { APP_URL } from "@/config/config.js";
 import { slugify } from "@/util/string.js";
@@ -19,7 +19,7 @@ export function projectSearchUrl(project): string {
  * @param user
  * @param access
  */
-export function userDocs(user?: User, access?: Access): string {
+export function userDocs(user?: Nullable<User>, access?: Access): string {
   if (!user) return "";
   const username = getUserName(user);
   if (access) {
@@ -67,7 +67,7 @@ export function highlight(contents: string, query: string): string {
 export function pageNumber(page: string): number {
   const PAGE_NO_RE = /^page_no_(\d+)$/;
   const match = PAGE_NO_RE.exec(page);
-  if (!match) return NaN;
+  if (!match || !match[1]) return NaN;
   const number = parseInt(match[1]);
   return number;
 }
diff --git a/src/lib/utils/storage.ts b/src/lib/utils/storage.ts
index 70c3157d8..1b3baa579 100644
--- a/src/lib/utils/storage.ts
+++ b/src/lib/utils/storage.ts
@@ -16,7 +16,7 @@ export class StorageManager {
 
   get<R, T>(key: string, defaultValue?: T): R | T | null {
     try {
-      const value = JSON.parse(localStorage.getItem(this.key(key)));
+      const value = JSON.parse(localStorage.getItem(this.key(key)) ?? "null");
       if (value === null) return defaultValue ?? null;
       return value;
     } catch (e) {
@@ -35,7 +35,7 @@ export class StorageManager {
 
   remove(key: string) {
     try {
-      localStorage.removeItem(this.key(key))
+      localStorage.removeItem(this.key(key));
     } catch (e) {
       // Local storage not available
     }
diff --git a/src/lib/utils/tests/api.test.ts b/src/lib/utils/tests/api.test.ts
index 4420999b8..1699a5511 100644
--- a/src/lib/utils/tests/api.test.ts
+++ b/src/lib/utils/tests/api.test.ts
@@ -115,15 +115,15 @@ describe("getApiResponse", () => {
     resp = new Response(JSON.stringify(errors), { status: 400 });
     const response = await getApiResponse(resp);
     expect(response.data).toBeUndefined();
-    expect(response.error.status).toEqual(400);
-    expect(response.error.errors).toEqual(errors);
+    expect(response.error?.status).toEqual(400);
+    expect(response.error?.errors).toEqual(errors);
   });
 
   it("returns a 500 error for an empty response", async () => {
     // no response is a 500
     const response = await getApiResponse();
     expect(response.data).toBeUndefined();
-    expect(response.error.status).toEqual(500);
+    expect(response.error?.status).toEqual(500);
   });
 });
 
diff --git a/src/lib/utils/tests/files.test.ts b/src/lib/utils/tests/files.test.ts
index 8d085b5f9..4c2858424 100644
--- a/src/lib/utils/tests/files.test.ts
+++ b/src/lib/utils/tests/files.test.ts
@@ -9,7 +9,7 @@ describe("files.getFileExtensionFromType", () => {
   it("returns the provided input if not a Mimetype", () => {
     expect(files.getFileExtensionFromType("")).toEqual("");
     expect(files.getFileExtensionFromType("pdf")).toEqual("pdf");
-    expect(files.getFileExtensionFromType(undefined)).toEqual(undefined);
+    expect(files.getFileExtensionFromType(undefined)).toEqual("");
   });
 });
 
@@ -33,7 +33,7 @@ describe("files.getFileExtension", () => {
 
   it("returns undefined if neither filename extension nor file type", () => {
     const file = new File([], "filename");
-    expect(files.getFileExtension(file)).toBeUndefined();
+    expect(files.getFileExtension(file)).toEqual("");
   });
 });
 
diff --git a/src/api/pageSize.test.js b/src/lib/utils/tests/pageSize.test.ts
similarity index 92%
rename from src/api/pageSize.test.js
rename to src/lib/utils/tests/pageSize.test.ts
index e12ab3545..51a6b88cd 100644
--- a/src/api/pageSize.test.js
+++ b/src/lib/utils/tests/pageSize.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, test } from "vitest";
-import { pageSizesFromSpec, pageSizes } from "./pageSize.js";
+import { pageSizesFromSpec, pageSizes } from "../pageSize";
 
 describe("pageSizesFromSpec", () => {
   test("page sizes empty", () => {
diff --git a/src/lib/utils/tests/permissions.test.ts b/src/lib/utils/tests/permissions.test.ts
index 54f4cef9c..8170ca7d8 100644
--- a/src/lib/utils/tests/permissions.test.ts
+++ b/src/lib/utils/tests/permissions.test.ts
@@ -29,6 +29,6 @@ describe("getCurrentUser", () => {
   it("should return the current user from context", () => {
     // Render the mock component to set the context
     render(UserContextDemo);
-    expect(screen.getByText(me.name)).toBeInTheDocument();
+    expect(screen.getByText(me.name!)).toBeInTheDocument();
   });
 });
diff --git a/src/lib/utils/viewer.ts b/src/lib/utils/viewer.ts
index 462dfe91a..b20820566 100644
--- a/src/lib/utils/viewer.ts
+++ b/src/lib/utils/viewer.ts
@@ -50,7 +50,7 @@ export function getViewerHref(options: ViewerHrefOptions = {}) {
 export function fitPage(
   width: number,
   height: number,
-  container: HTMLElement,
+  container: HTMLElement | undefined,
   scale: number | "width" | "height",
 ): number {
   if (typeof scale === "number") return scale;
@@ -75,12 +75,12 @@ export function pageSizes(pageSpec: string): [width: number, height: number][] {
   const parts = pageSpec.split(";");
   return parts.reduce((sizes, part) => {
     const [size, range] = part?.split(":");
-    const [width, height] = size?.split("x").map(parseFloat);
+    const [width, height] = size?.split("x").map(parseFloat) ?? [];
 
     range?.split(",").forEach((rangePart) => {
       if (rangePart.includes("-")) {
         const [start, end] = rangePart.split("-").map((x) => parseInt(x, 10));
-        for (let page = start; page <= end; page++) {
+        for (let page = start ?? 0; page <= (end ?? 0); page++) {
           sizes[page] = [width, height];
         }
       } else {
@@ -99,10 +99,7 @@ export function pageSizes(pageSpec: string): [width: number, height: number][] {
 export function getNotes(document: Document): Record<number, Note[]> {
   return (
     document.notes?.reduce<Record<number, Note[]>>((m, note) => {
-      if (!m[note.page_number]) {
-        m[note.page_number] = [];
-      }
-      m[note.page_number].push(note);
+      m[note.page_number] = (m[note.page_number] ?? []).concat(note);
       return m;
     }, {}) ?? {}
   );
diff --git a/src/premium-credits/CreditMeter.svelte b/src/premium-credits/CreditMeter.svelte
index 83fcdbdcc..0583801fc 100644
--- a/src/premium-credits/CreditMeter.svelte
+++ b/src/premium-credits/CreditMeter.svelte
@@ -1,11 +1,16 @@
 <script context="module" lang="ts">
-  export function formatResetDate(dateStr: string, locale: string): string {
+  import type { Maybe, Nullable } from "@/lib/api/types";
+
+  export function formatResetDate(
+    dateStr: string,
+    locale: Maybe<Nullable<string>>,
+  ): string {
     const date = new Date(dateStr);
     const options: Intl.DateTimeFormatOptions = {
       day: "numeric",
       month: "numeric",
     };
-    const intl = new Intl.DateTimeFormat(locale, options);
+    const intl = new Intl.DateTimeFormat(locale ?? "en", options);
     return intl.format(date);
   }
 </script>
diff --git a/src/premium-credits/UpgradePrompt.svelte b/src/premium-credits/UpgradePrompt.svelte
index 14858461f..281f4613a 100644
--- a/src/premium-credits/UpgradePrompt.svelte
+++ b/src/premium-credits/UpgradePrompt.svelte
@@ -5,7 +5,7 @@
 
   export let message: string;
   export let callToAction: string | null = null;
-  export let href: string = null;
+  export let href: string | null = null;
 </script>
 
 <div class="container">
diff --git a/src/routes/(app)/+error.svelte b/src/routes/(app)/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/+error.svelte
+++ b/src/routes/(app)/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/+layout.svelte b/src/routes/(app)/+layout.svelte
index 7f4a40b07..6beac02ce 100644
--- a/src/routes/(app)/+layout.svelte
+++ b/src/routes/(app)/+layout.svelte
@@ -1,15 +1,15 @@
 <script lang="ts">
   import type { LayoutData } from "./$types";
-  import type { Org, User } from "@/api/types/orgAndUser";
 
   import { setContext } from "svelte";
   import { writable, type Writable } from "svelte/store";
 
   import AppLayout from "$lib/components/layouts/AppLayout.svelte";
+  import type { Maybe, Org, User } from "$lib/api/types";
 
   export let data: LayoutData;
 
-  const me: Writable<User> = writable(data.me);
+  const me: Writable<Maybe<User>> = writable(data.me);
   const org: Writable<Org> = writable(data.org);
   const user_orgs: Writable<Promise<Org[]>> = writable(data.user_orgs);
   const org_users: Writable<Promise<User[]>> = writable(data.org_users);
diff --git a/src/routes/(app)/+layout.ts b/src/routes/(app)/+layout.ts
index 6b4d13721..c7c4fd840 100644
--- a/src/routes/(app)/+layout.ts
+++ b/src/routes/(app)/+layout.ts
@@ -9,7 +9,8 @@ export async function load({ fetch }) {
   const org = me?.organization as Org;
   const tipOfDay = me ? await getTipOfDay(fetch) : null;
 
-  let user_orgs: Promise<Org[]>, org_users: Promise<User[]>;
+  let user_orgs: Promise<Org[]> = Promise.resolve([]);
+  let org_users: Promise<User[]> = Promise.resolve([]);
   if (me && org) {
     user_orgs = userOrgs(me, fetch).catch((e) => {
       console.error(e);
diff --git a/src/routes/(app)/+page.server.ts b/src/routes/(app)/+page.server.ts
index 105d709ac..594b3b3dc 100644
--- a/src/routes/(app)/+page.server.ts
+++ b/src/routes/(app)/+page.server.ts
@@ -1,7 +1,7 @@
 import { _ } from "svelte-i18n";
 import { createFeedback, type Feedback } from "@/lib/api/feedback";
 import type { Actions } from "./$types";
-import { error, fail } from "@sveltejs/kit";
+import { fail } from "@sveltejs/kit";
 
 export const actions = {
   feedback: async ({ request, fetch }) => {
diff --git a/src/routes/(app)/add-ons/+error.svelte b/src/routes/(app)/add-ons/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/add-ons/+error.svelte
+++ b/src/routes/(app)/add-ons/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/add-ons/[owner]/[repo]/+error.svelte b/src/routes/(app)/add-ons/[owner]/[repo]/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/add-ons/[owner]/[repo]/+error.svelte
+++ b/src/routes/(app)/add-ons/[owner]/[repo]/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/add-ons/[owner]/[repo]/+page.server.ts b/src/routes/(app)/add-ons/[owner]/[repo]/+page.server.ts
index b59a5aef0..3a0fbf052 100644
--- a/src/routes/(app)/add-ons/[owner]/[repo]/+page.server.ts
+++ b/src/routes/(app)/add-ons/[owner]/[repo]/+page.server.ts
@@ -7,18 +7,28 @@ import { getAddon, buildPayload, dispatch } from "$lib/api/addons";
 
 export const actions = {
   async dispatch({ cookies, fetch, request, params }) {
+    const { owner, repo } = params;
+    if (!owner || !repo) {
+      return fail(400, { message: "Missing required param" });
+    }
+
     const [form, addon] = await Promise.all([
       request.formData(),
-      getAddon(params.owner, params.repo, fetch),
+      getAddon(owner, repo, fetch),
     ]);
+    if (!addon) {
+      return fail(404, { message: "Add-On not found" });
+    }
 
     const payload = buildPayload(addon, form, true);
-
     if (!payload.valid) {
       return fail(400, { errors: payload.errors });
     }
 
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
 
     const { data, error } = await dispatch(payload, csrf_token, fetch);
 
diff --git a/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.server.ts b/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.server.ts
index a99883d7a..0e6a25d51 100644
--- a/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.server.ts
+++ b/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.server.ts
@@ -7,26 +7,32 @@ import { getEvent, buildPayload, update } from "$lib/api/addons";
 
 export const actions = {
   async update({ cookies, fetch, params, request }) {
-    // todo: figure out how to skip reloading the event and addon
+    // TODO figure out how to skip reloading the event and addon
+    const id = Number(params.event);
     const [form, event] = await Promise.all([
       request.formData(),
-      getEvent(+params.event, fetch),
+      getEvent(id, fetch),
     ]);
-    const addon = event.data.addon;
-    const payload = buildPayload(addon, form, true);
 
+    // Check for addon
+    const addon = event.data?.addon;
+    if (!addon) {
+      return fail(404, { message: "Add-On not found" });
+    }
+
+    // Check for valid payload
+    const payload = buildPayload(addon, form, true);
     if (!payload.valid) {
       return fail(400, { errors: payload.errors });
     }
 
+    // Check for CSRF token
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
 
-    const { data, error } = await update(
-      +params.event,
-      payload,
-      csrf_token,
-      fetch,
-    );
+    const { data, error } = await update(id, payload, csrf_token, fetch);
 
     if (error) {
       return fail(error.status, { ...error });
diff --git a/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.svelte b/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.svelte
index 6bf5bc0d5..b33e32483 100644
--- a/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.svelte
+++ b/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.svelte
@@ -16,7 +16,7 @@
   $: search = data.searchResults;
   $: scheduled = data.scheduled;
   $: organization =
-    typeof $me.organization === "object" ? $me.organization : null;
+    typeof $me?.organization === "object" ? $me.organization : null;
   $: isPremiumUser = isPremiumOrg(organization);
   $: creditBalance = getCreditBalance(organization) ?? 0;
   $: isPremiumAddon =
diff --git a/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.ts b/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.ts
index 6efce6fc3..3b8685430 100644
--- a/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.ts
+++ b/src/routes/(app)/add-ons/[owner]/[repo]/[event]/+page.ts
@@ -16,6 +16,9 @@ export async function load({ params, fetch, parent, url }) {
   if (err) {
     return error(err.status, err.message);
   }
+  if (!event) {
+    return error(404, "Event not found");
+  }
 
   // there's probably something better to use as a breadcrumb title
   const breadcrumbs = await breadcrumbTrail(parent, [
diff --git a/src/routes/(app)/documents/+error.svelte b/src/routes/(app)/documents/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/documents/+error.svelte
+++ b/src/routes/(app)/documents/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/documents/+page.server.ts b/src/routes/(app)/documents/+page.server.ts
index 0cb474e04..a72e32933 100644
--- a/src/routes/(app)/documents/+page.server.ts
+++ b/src/routes/(app)/documents/+page.server.ts
@@ -5,7 +5,6 @@ import { fail } from "@sveltejs/kit";
 
 import { CSRF_COOKIE_NAME } from "@/config/config.js";
 import { destroy_many, edit_many, add_tags } from "$lib/api/documents";
-import { isErrorCode } from "$lib/utils/api";
 
 export function load({ cookies }) {
   const csrf_token = cookies.get(CSRF_COOKIE_NAME);
@@ -16,6 +15,10 @@ export function load({ cookies }) {
 export const actions = {
   async data({ cookies, fetch, request }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
+
     const form = await request.formData();
     const keys = form.getAll("key") as string[];
     const values = form.getAll("value") as string[];
@@ -58,6 +61,9 @@ export const actions = {
 
   async delete({ cookies, fetch, request }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const form = await request.formData();
 
     const ids = String(form.get("documents")).split(",");
@@ -76,6 +82,9 @@ export const actions = {
 
   async edit({ cookies, fetch, request }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const form = await request.formData();
 
     const ids = String(form.get("documents")).split(",");
diff --git a/src/routes/(app)/documents/+page.svelte b/src/routes/(app)/documents/+page.svelte
index beacbe304..f6dcadbb9 100644
--- a/src/routes/(app)/documents/+page.svelte
+++ b/src/routes/(app)/documents/+page.svelte
@@ -1,6 +1,4 @@
 <script lang="ts">
-  import type { DocumentResults } from "$lib/api/types";
-
   import { setContext } from "svelte";
   import { _ } from "svelte-i18n";
   import { PlusCircle16 } from "svelte-octicons";
diff --git a/src/routes/(app)/documents/+page.ts b/src/routes/(app)/documents/+page.ts
index 019987e9d..6e14acba5 100644
--- a/src/routes/(app)/documents/+page.ts
+++ b/src/routes/(app)/documents/+page.ts
@@ -6,7 +6,7 @@ import { getPinnedAddons } from "$lib/api/addons.js";
 
 export async function load({ url, fetch, data }) {
   const query = url.searchParams.get("q") || "";
-  const per_page = +url.searchParams.get("per_page") || DEFAULT_PER_PAGE;
+  const per_page = +(url.searchParams.get("per_page") ?? DEFAULT_PER_PAGE);
   const cursor = url.searchParams.get("cursor") || "";
 
   const options: SearchOptions = {
diff --git a/src/routes/(app)/documents/[id]-[slug]/+error.svelte b/src/routes/(app)/documents/[id]-[slug]/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/documents/[id]-[slug]/+error.svelte
+++ b/src/routes/(app)/documents/[id]-[slug]/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/documents/[id]-[slug]/+page.server.ts b/src/routes/(app)/documents/[id]-[slug]/+page.server.ts
index 61df1db2f..248c6f1f2 100644
--- a/src/routes/(app)/documents/[id]-[slug]/+page.server.ts
+++ b/src/routes/(app)/documents/[id]-[slug]/+page.server.ts
@@ -22,6 +22,9 @@ export const actions = {
   // like edit but specifically for data
   async data({ cookies, request, fetch, params, url }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const { id } = params;
 
     // array of [['key', '...'], ['value', '...']]
@@ -65,6 +68,9 @@ export const actions = {
 
   async delete({ cookies, fetch, params }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const { id } = params;
 
     console.info(`Deleting document: ${id}`);
@@ -81,6 +87,9 @@ export const actions = {
 
   async edit({ cookies, fetch, request, params }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const form = await request.formData();
     const { id } = params;
 
@@ -106,6 +115,9 @@ export const actions = {
 
   async redact({ cookies, fetch, request, params }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const form = await request.formData();
     const redactions = JSON.parse(form.get("redactions") as string);
 
@@ -131,6 +143,9 @@ export const actions = {
 
   async createAnnotation({ cookies, request, fetch, params }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const form = await request.formData();
 
     const [x1, x2, y1, y2] = JSON.parse(form.get("coords") as string);
@@ -139,7 +154,9 @@ export const actions = {
       title: form.get("title") as string,
       content: (form.get("content") as string) ?? "",
       access: form.get("access") as Access,
-      page_number: +form.get("page_number"),
+      page_number: form.get("page_number")
+        ? Number(form.get("page_number"))
+        : undefined,
       x1,
       x2,
       y1,
@@ -168,9 +185,12 @@ export const actions = {
 
   async updateAnnotation({ cookies, request, fetch, params }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const form = await request.formData();
 
-    const note_id = +form.get("id");
+    const note_id = form.get("id");
 
     // only limited update options for now
     const note: Partial<Note> = {
@@ -181,7 +201,7 @@ export const actions = {
 
     const { data: updated, error } = await notes.update(
       params.id,
-      note_id,
+      Number(note_id),
       note,
       csrf_token,
       fetch,
@@ -202,9 +222,12 @@ export const actions = {
 
   async deleteAnnotation({ cookies, request, fetch, params }) {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
     const form = await request.formData();
 
-    const note_id = +form.get("id");
+    const note_id = Number(form.get("id"));
 
     if (!note_id) return fail(400, { id: "missing" });
 
diff --git a/src/routes/(app)/documents/[id]-[slug]/+page.svelte b/src/routes/(app)/documents/[id]-[slug]/+page.svelte
index 863b19e88..b843e3175 100644
--- a/src/routes/(app)/documents/[id]-[slug]/+page.svelte
+++ b/src/routes/(app)/documents/[id]-[slug]/+page.svelte
@@ -22,6 +22,7 @@
 
   $: action = data.action;
   $: addons = data.pinnedAddons;
+  $: hasDescription = Boolean(document.description?.trim().length);
 </script>
 
 <svelte:head>
@@ -38,7 +39,7 @@
     href={embedUrl(document.canonical_url).href}
     title={document.title}
   />
-  {#if document.description?.trim().length > 0}
+  {#if hasDescription}
     <meta name="description" content={document.description} />
     <meta property="og:description" content={document.description} />
   {/if}
diff --git a/src/routes/(app)/documents/sidebar/Actions.svelte b/src/routes/(app)/documents/sidebar/Actions.svelte
index 94583585d..7dbbe42bc 100644
--- a/src/routes/(app)/documents/sidebar/Actions.svelte
+++ b/src/routes/(app)/documents/sidebar/Actions.svelte
@@ -22,15 +22,13 @@
   let edit = false;
   let organize = false;
   let share = false;
+
+  $: toShare = $selected?.length === 1 ? $selected[0] : null;
 </script>
 
 <Flex direction="column">
   <!-- for now, we can only share individual documents or projects -->
-  <SidebarItem
-    hover
-    disabled={$selected?.length !== 1}
-    on:click={(e) => (share = true)}
-  >
+  <SidebarItem hover disabled={!toShare} on:click={(e) => (share = true)}>
     <Share16 slot="start" />{$_("dialog.share")} &hellip;
   </SidebarItem>
   <SidebarItem
@@ -74,12 +72,11 @@
   </Portal>
 {/if}
 
-{#if share}
+{#if share && toShare}
   <Portal>
     <Modal on:close={() => (share = false)}>
-      {@const document = $selected[0]}
       <h1 slot="title">{$_("dialog.share")}</h1>
-      <Share {document} />
+      <Share document={toShare} />
     </Modal>
   </Portal>
 {/if}
diff --git a/src/routes/(app)/projects/+error.svelte b/src/routes/(app)/projects/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/projects/+error.svelte
+++ b/src/routes/(app)/projects/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/projects/+page.server.ts b/src/routes/(app)/projects/+page.server.ts
index b6dbaa7d3..998e643d0 100644
--- a/src/routes/(app)/projects/+page.server.ts
+++ b/src/routes/(app)/projects/+page.server.ts
@@ -17,6 +17,10 @@ export const actions = {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
     const form = await request.formData();
 
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
+
     const project = {
       title: form.get("title") as string,
       description: form.get("description") as string,
diff --git a/src/routes/(app)/projects/+page.svelte b/src/routes/(app)/projects/+page.svelte
index f4c149bd0..5227c4eb1 100644
--- a/src/routes/(app)/projects/+page.svelte
+++ b/src/routes/(app)/projects/+page.svelte
@@ -1,4 +1,6 @@
 <script lang="ts">
+  import type { Nullable } from "$lib/api/types";
+
   import { _ } from "svelte-i18n";
   import {
     FileDirectory24,
@@ -37,13 +39,14 @@
   $: projects = data.projects.results;
   $: next = data.projects.next;
   $: previous = data.projects.previous;
-  $: list = data.list;
 
-  function paginate(u: URL | string) {
+  function paginate(u: Nullable<URL | string>) {
+    if (!u) return;
     u = new URL(u);
     const target = new URL($page.url);
 
-    target.searchParams.set("cursor", u.searchParams.get("cursor"));
+    const cursor = u.searchParams.get("cursor");
+    if (cursor) target.searchParams.set("cursor", cursor);
     goto(target);
   }
 
diff --git a/src/routes/(app)/projects/+page.ts b/src/routes/(app)/projects/+page.ts
index db25f15f5..e6c8d8c53 100644
--- a/src/routes/(app)/projects/+page.ts
+++ b/src/routes/(app)/projects/+page.ts
@@ -9,7 +9,7 @@ export async function load({ url, parent, fetch }) {
   const { me } = await parent();
   const query = url.searchParams.get("query") ?? "";
   const cursor = url.searchParams.get("cursor") ?? "";
-  const per_page = +url.searchParams.get("per_page") || DEFAULT_PER_PAGE;
+  const per_page = +(url.searchParams.get("per_page") ?? DEFAULT_PER_PAGE);
 
   const params: Record<string, any> = {
     query,
@@ -33,21 +33,21 @@ export async function load({ url, parent, fetch }) {
   let error: unknown;
 
   if (me && filter === "owned") {
-    ({ data: projects, error } = await list(
+    ({ data: projects = projects, error } = await list(
       { ...params, owned_by_user: true },
       fetch,
     ));
   }
 
   if (me && filter === "shared") {
-    ({ data: projects, error } = await list(
+    ({ data: projects = projects, error } = await list(
       { ...params, is_shared: true },
       fetch,
     ));
   }
 
   if (filter === "public") {
-    ({ data: projects, error } = await list(params, fetch));
+    ({ data: projects = projects, error } = await list(params, fetch));
   }
 
   return {
diff --git a/src/routes/(app)/projects/[id]-[slug]/+error.svelte b/src/routes/(app)/projects/[id]-[slug]/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/projects/[id]-[slug]/+error.svelte
+++ b/src/routes/(app)/projects/[id]-[slug]/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/projects/[id]-[slug]/+page.server.ts b/src/routes/(app)/projects/[id]-[slug]/+page.server.ts
index 62709fc83..6aba2be38 100644
--- a/src/routes/(app)/projects/[id]-[slug]/+page.server.ts
+++ b/src/routes/(app)/projects/[id]-[slug]/+page.server.ts
@@ -6,6 +6,18 @@ import { CSRF_COOKIE_NAME } from "@/config/config.js";
 import * as collaborators from "$lib/api/collaborators";
 import * as projects from "$lib/api/projects";
 
+const ACCESS: Set<ProjectAccess> = new Set(["admin", "edit", "view"]);
+
+function getAccess(form: FormData): ProjectAccess {
+  let access = form.get("access")?.toString() as ProjectAccess;
+
+  if (!ACCESS.has(access)) {
+    return "view";
+  }
+
+  return access;
+}
+
 export const actions = {
   /**
    * Delete this project
@@ -14,6 +26,10 @@ export const actions = {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
     const project_id = +params.id;
 
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
+
     const { error } = await projects.destroy(project_id, csrf_token, fetch);
 
     if (error) {
@@ -30,6 +46,10 @@ export const actions = {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
     const form = await request.formData();
 
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
+
     const update: Partial<Project> = {
       title: form.get("title") as string,
       description: form.get("description") as string,
@@ -58,8 +78,12 @@ export const actions = {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
     const form = await request.formData();
 
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
+
     const email = form.get("email") as string;
-    const access = form.get("access") as ProjectAccess;
+    const access = getAccess(form);
 
     const { data: user, error } = await collaborators.add(
       +params.id,
@@ -84,14 +108,22 @@ export const actions = {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
     const form = await request.formData();
 
-    const user = +form.get("user");
-    const access = form.get("access") as ProjectAccess;
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
+
+    const user = form.get("user");
+    const access = getAccess(form);
+
+    if (!user || !access) {
+      return fail(400, { message: "Missing form data" });
+    }
 
     const project_id = +params.id;
 
     const { data, error } = await collaborators.update(
       project_id,
-      user,
+      +user,
       access,
       csrf_token,
       fetch,
@@ -113,12 +145,20 @@ export const actions = {
     const csrf_token = cookies.get(CSRF_COOKIE_NAME);
     const form = await request.formData();
 
-    const user = +form.get("user");
+    if (!csrf_token) {
+      return fail(403, { message: "Missing CSRF token" });
+    }
+
+    const user = form.get("user");
     const project_id = +params.id;
 
+    if (!user || !project_id) {
+      return fail(400, { message: "Missing form data" });
+    }
+
     const { error } = await collaborators.remove(
       project_id,
-      user,
+      +user,
       csrf_token,
       fetch,
     );
diff --git a/src/routes/(app)/projects/[id]-[slug]/+page.ts b/src/routes/(app)/projects/[id]-[slug]/+page.ts
index 52d2dfa0c..76c37ffc0 100644
--- a/src/routes/(app)/projects/[id]-[slug]/+page.ts
+++ b/src/routes/(app)/projects/[id]-[slug]/+page.ts
@@ -18,7 +18,7 @@ export async function load({ params, url, parent, data, fetch }) {
   const id = parseInt(params.id, 10);
 
   const [project, users]: [
-    APIResponse<Nullable<Project>>,
+    Nullable<APIResponse<Project>>,
     Nullable<ProjectUser[]>,
   ] = await Promise.all([
     projects.get(id, fetch),
@@ -27,11 +27,14 @@ export async function load({ params, url, parent, data, fetch }) {
     return [null, null];
   });
 
-  if (project.error) {
-    error(project.error.status, project.error.message);
+  if (project?.error || !project?.data) {
+    error(
+      project?.error?.status ?? 400,
+      project?.error?.message ?? "Unexpected error",
+    );
   }
 
-  if (project.data.slug !== params.slug) {
+  if (project?.data.slug !== params.slug) {
     const canonical = projects.canonicalUrl(project.data);
     redirect(302, canonical);
   }
diff --git a/src/routes/(app)/projects/[id]/+page.ts b/src/routes/(app)/projects/[id]/+page.ts
index 60bff6764..05aacc027 100644
--- a/src/routes/(app)/projects/[id]/+page.ts
+++ b/src/routes/(app)/projects/[id]/+page.ts
@@ -6,6 +6,10 @@ import * as projects from "$lib/api/projects";
 export async function load({ params, fetch }) {
   const { data: project, error: err } = await projects.get(+params.id, fetch);
 
+  if (!project) {
+    return error(404, "Project not found");
+  }
+
   if (err) {
     return error(err.status, err.message);
   }
diff --git a/src/routes/(app)/upload/+error.svelte b/src/routes/(app)/upload/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(app)/upload/+error.svelte
+++ b/src/routes/(app)/upload/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(app)/upload/+page.svelte b/src/routes/(app)/upload/+page.svelte
index 5a10fd197..04a73abe2 100644
--- a/src/routes/(app)/upload/+page.svelte
+++ b/src/routes/(app)/upload/+page.svelte
@@ -12,8 +12,7 @@
 
   export let data;
 
-  $: form = $page.form;
-  $: projects = data.projects.results;
+  $: projects = data.projects?.results ?? [];
 </script>
 
 <svelte:head>
diff --git a/src/routes/(pages)/+error.svelte b/src/routes/(pages)/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/(pages)/+error.svelte
+++ b/src/routes/(pages)/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/(pages)/[...path]/+page.ts b/src/routes/(pages)/[...path]/+page.ts
index 4c246c88c..8b8bbd13b 100644
--- a/src/routes/(pages)/[...path]/+page.ts
+++ b/src/routes/(pages)/[...path]/+page.ts
@@ -1,12 +1,15 @@
 // load data for flatpages
 import { error } from "@sveltejs/kit";
-import { BASE_API_URL } from "@/config/config.js";
 
 import * as flatpages from "$lib/api/flatpages";
 
 export async function load({ fetch, params }) {
   const { data, error: err } = await flatpages.get(params.path, fetch);
 
+  if (!data) {
+    return error(404, "Page not found");
+  }
+
   if (err) {
     return error(err.status, { message: err.message });
   }
diff --git a/src/routes/(pages)/home/+page.ts b/src/routes/(pages)/home/+page.ts
index a21c90633..5c7ab0acc 100644
--- a/src/routes/(pages)/home/+page.ts
+++ b/src/routes/(pages)/home/+page.ts
@@ -15,6 +15,10 @@ export async function load({ fetch }) {
     getMe(fetch),
   ]);
 
+  if (!page) {
+    return error(404, "Page not found");
+  }
+
   if (err) {
     return error(err.status, { message: err.message });
   }
diff --git a/src/routes/+error.svelte b/src/routes/+error.svelte
index 945b536e3..eca551209 100644
--- a/src/routes/+error.svelte
+++ b/src/routes/+error.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import { page } from "$app/stores";
   import { _ } from "svelte-i18n";
   import Error from "$lib/components/layouts/Error.svelte";
@@ -13,7 +13,7 @@
     {#if $page.status === 404}
       {$_("notfound.content")}
     {:else}
-      {$page.error.message}
+      {$page.error?.message}
     {/if}
   </p>
 </Error>
diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte
index 5e1c1630c..7e8cb9d79 100644
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@@ -9,7 +9,8 @@
   import "@/style/global.css";
   import "@/style/kit.css";
 
-  $: useCyrillicCharset = browser ? ["uk", "ru"].includes($locale) : false;
+  $: useCyrillicCharset =
+    browser && $locale ? ["uk", "ru"].includes($locale) : false;
 
   // this checks if the site has been updated and triggers a full page reload
   // on the next navigation to update the cache
diff --git a/src/routes/embed/documents/[id]/annotations/[note_id]/+page.svelte b/src/routes/embed/documents/[id]/annotations/[note_id]/+page.svelte
index 7ac573b28..cc902d3ac 100644
--- a/src/routes/embed/documents/[id]/annotations/[note_id]/+page.svelte
+++ b/src/routes/embed/documents/[id]/annotations/[note_id]/+page.svelte
@@ -8,12 +8,12 @@
   import * as notes from "@/lib/api/notes";
   import { embedUrl } from "$lib/api/embed";
   import { canonicalNoteUrl, noteUrl } from "@/lib/api/notes";
-  import { pageSizesFromSpec } from "@/api/pageSize.js";
+  import { pageSizesFromSpec } from "$lib/utils/pageSize";
   import { IMAGE_WIDTHS_MAP } from "@/config/config.js";
 
   export let data;
 
-  const docWidth = IMAGE_WIDTHS_MAP.get("normal");
+  const docWidth = IMAGE_WIDTHS_MAP.get("normal") ?? 700;
 
   let elem: HTMLElement;
 
@@ -21,8 +21,8 @@
   $: note = data.note;
   $: alt = `Page ${note.page_number + 1} of ${doc.title}`;
   $: src = pageImageUrl(doc, note.page_number + 1, "normal").toString();
-  $: sizes = pageSizesFromSpec(doc.page_spec);
-  $: aspect = sizes[note.page_number];
+  $: sizes = doc.page_spec ? pageSizesFromSpec(doc.page_spec) : [];
+  $: aspect = sizes[note.page_number] ?? 11 / 8.5;
   $: url = canonicalNoteUrl(doc, note).toString();
   $: title = `${note.title} (${$_("documents.pageAbbrev")} ${
     note.page_number + 1
@@ -104,7 +104,7 @@
   </div>
 
   <div class="DC-note-body">
-    {@html clean(note.content)}
+    {@html clean(note.content ?? "")}
   </div>
 
   <div class="DC-note-credit">
diff --git a/src/routes/embed/documents/[id]/annotations/[note_id]/+page.ts b/src/routes/embed/documents/[id]/annotations/[note_id]/+page.ts
index 2ead1baf6..cd2491313 100644
--- a/src/routes/embed/documents/[id]/annotations/[note_id]/+page.ts
+++ b/src/routes/embed/documents/[id]/annotations/[note_id]/+page.ts
@@ -1,4 +1,5 @@
 // load a note for embedding
+import { error } from "@sveltejs/kit";
 import * as documents from "@/lib/api/documents";
 import * as notesApi from "$lib/api/notes";
 
@@ -8,6 +9,10 @@ export async function load({ params, fetch }) {
     notesApi.get(+params.id, parseInt(params.note_id), fetch),
   ]);
 
+  if (document.error || !document.data || note.error || !note.data) {
+    return error(404, "Document not found");
+  }
+
   return {
     document: document.data,
     note: note.data,
diff --git a/src/routes/embed/documents/[id]/pages/[page]/+page.svelte b/src/routes/embed/documents/[id]/pages/[page]/+page.svelte
index 01c436e50..6908b02d8 100644
--- a/src/routes/embed/documents/[id]/pages/[page]/+page.svelte
+++ b/src/routes/embed/documents/[id]/pages/[page]/+page.svelte
@@ -5,7 +5,7 @@
   import Annotation from "./Annotation.svelte";
   import Note from "./Note.svelte";
 
-  import { pageSizesFromSpec } from "@/api/pageSize.js";
+  import { pageSizesFromSpec } from "$lib/utils/pageSize";
   import { APP_URL, IMAGE_WIDTHS_MAP } from "@/config/config.js";
   import { informSize } from "@/embed/iframeSizer.js";
   import {
@@ -16,13 +16,14 @@
     userOrgString,
   } from "@/lib/api/documents";
   import { embedUrl } from "$lib/api/embed";
+  import type { Maybe, Note as NoteType, Nullable } from "@/lib/api/types";
 
   export let data;
 
   const dispatch = createEventDispatcher();
 
-  let elem;
-  let active = null;
+  let elem: HTMLElement;
+  let active: Nullable<NoteType> = null;
 
   $: doc = data.document;
   $: slugId = `${doc.id}-${doc.slug}`;
@@ -30,9 +31,9 @@
   $: page = +data.page;
   $: title = `${doc.title} (${$_("documents.pageAbbrev")} ${data.page})`;
   $: url = canonicalPageUrl(doc, page).toString();
-  $: sizes = pageSizesFromSpec(doc.page_spec);
-  $: aspect = sizes[page - 1];
-  $: width = IMAGE_WIDTHS_MAP.get("large");
+  $: sizes = doc.page_spec ? pageSizesFromSpec(doc.page_spec) : [];
+  $: aspect = sizes[page - 1] ?? 11 / 8.5;
+  $: width = IMAGE_WIDTHS_MAP.get("large") ?? 1000;
   $: height = width * aspect;
   $: shimPlacements =
     active === null
@@ -49,6 +50,10 @@
       dispatch("close");
     }
   }
+
+  function getShim(s: Maybe<number>): number {
+    return s ?? 0;
+  }
 </script>
 
 <svelte:head>
@@ -113,14 +118,18 @@
 
     <!-- Place shims while note is active -->
     {#each shimPlacements as s}
-      <div
-        class="dc-embed-shim"
-        style="left:{s[0] * 100}%;top:{s[1] * 100}%;right:{(1 - s[2]) *
-          100}%;bottom:{(1 - s[3]) * 100}%"
-        tabindex="-1"
-        role="dialog"
-        aria-modal="true"
-      />
+      {#if s.length > 0}
+        <div
+          class="dc-embed-shim"
+          style="left:{getShim(s[0]) * 100}%;top:{getShim(s[1]) *
+            100}%;right:{(1 - getShim(s[2])) * 100}%;bottom:{(1 -
+            getShim(s[3])) *
+            100}%"
+          tabindex="-1"
+          role="dialog"
+          aria-modal="true"
+        />
+      {/if}
     {/each}
 
     <!-- Show annotation if note is active -->
diff --git a/src/routes/embed/documents/[id]/pages/[page]/+page.ts b/src/routes/embed/documents/[id]/pages/[page]/+page.ts
index a6a5239f3..2e34ece5b 100644
--- a/src/routes/embed/documents/[id]/pages/[page]/+page.ts
+++ b/src/routes/embed/documents/[id]/pages/[page]/+page.ts
@@ -1,5 +1,7 @@
 // load data for a single page embed
-import * as documents from "@/lib/api/documents";
+import { error } from "@sveltejs/kit";
+
+import * as documents from "$lib/api/documents";
 import * as notesApi from "$lib/api/notes";
 
 /** @type {import('./$types').PageLoad} */
@@ -10,9 +12,14 @@ export async function load({ params, fetch }) {
     notesApi.list(+params.id, fetch),
   ]);
 
+  if (document.error || !document.data) {
+    return error(404, "Document not found");
+  }
+
   return {
     document: document.data,
-    notes: notes.results.filter((note) => note.page_number === page - 1),
+    notes:
+      notes.data?.results.filter((note) => note.page_number === page - 1) ?? [],
     page: +page,
   };
 }
diff --git a/src/routes/embed/documents/[id]/pages/[page]/Annotation.svelte b/src/routes/embed/documents/[id]/pages/[page]/Annotation.svelte
index ceed5622f..755216b33 100644
--- a/src/routes/embed/documents/[id]/pages/[page]/Annotation.svelte
+++ b/src/routes/embed/documents/[id]/pages/[page]/Annotation.svelte
@@ -1,4 +1,4 @@
-<script>
+<script lang="ts">
   import DomPurify from "dompurify";
   import { onMount } from "svelte";
 
diff --git a/src/routes/embed/projects/[project_id]-[slug]/+page.ts b/src/routes/embed/projects/[project_id]-[slug]/+page.ts
index 5439b7b22..64fcea953 100644
--- a/src/routes/embed/projects/[project_id]-[slug]/+page.ts
+++ b/src/routes/embed/projects/[project_id]-[slug]/+page.ts
@@ -1,4 +1,5 @@
 // load data for project embeds
+import type { Maybe } from "$lib/api/types";
 
 import { error, redirect } from "@sveltejs/kit";
 import { search } from "$lib/api/documents";
@@ -9,10 +10,14 @@ const OLD_PATTERN = /(\D+)-(\d+)/;
 /** @type {import('./$types').PageLoad} */
 export async function load({ params, fetch, url }) {
   // handle old URLs
-  let { project_id, slug } = params;
+  let { project_id, slug }: Record<string, Maybe<string>> = params;
   if (`${project_id}-${slug}`.match(OLD_PATTERN)) {
     const groups = OLD_PATTERN.exec(`${project_id}-${slug}`);
-    project_id = groups[2];
+    project_id = groups?.[2];
+  }
+
+  if (!project_id) {
+    return error(404, "Project not found");
   }
 
   const project = await get(+project_id, fetch);
diff --git a/src/test/components/UserContext.demo.svelte b/src/test/components/UserContext.demo.svelte
index 6683ef41e..3bec89a93 100644
--- a/src/test/components/UserContext.demo.svelte
+++ b/src/test/components/UserContext.demo.svelte
@@ -10,4 +10,4 @@
   const user = getCurrentUser();
 </script>
 
-<p>{$user.name}</p>
+<p>{$user?.name}</p>
diff --git a/src/test/fixtures/documents/examples/the-santa-anas.json b/src/test/fixtures/documents/examples/the-santa-anas.json
index fd4a3e2b5..3a6dbd167 100644
--- a/src/test/fixtures/documents/examples/the-santa-anas.json
+++ b/src/test/fixtures/documents/examples/the-santa-anas.json
@@ -23,7 +23,6 @@
     "uuid": "800bbb85-ea7a-46e9-8f56-16f862e66e52",
     "monthly_credits": 0,
     "purchased_credits": 0,
-    "credit_reset_date": null,
     "monthly_credit_allowance": 0,
     "plan": "Free"
   },
diff --git a/src/test/handlers/projects.ts b/src/test/handlers/projects.ts
index 7fc30ae3c..7cd9999e2 100644
--- a/src/test/handlers/projects.ts
+++ b/src/test/handlers/projects.ts
@@ -1,4 +1,7 @@
+import type { Page } from "$lib/api/types";
+
 import { rest } from "msw";
+
 import {
   dataHandler,
   emptyHandler,
@@ -14,6 +17,7 @@ import projDocsPage1 from "../fixtures/projects/project-documents-expanded.json"
 import projDocsPage2 from "../fixtures/projects/project-documents-2.json";
 
 const projectUrl = createApiUrl("projects/*");
+
 export const projects = {
   info: rest.get(createApiUrl("projects/"), dataHandler(projectList)),
   data: rest.get(projectUrl, dataHandler(projectFixture)),
@@ -22,6 +26,9 @@ export const projects = {
   error: rest.get(projectUrl, errorHandler),
   documents: rest.get(
     createApiUrl("projects/*/documents/"),
-    pageHandler(projDocsPage1, projDocsPage2),
+    pageHandler<Page<{ document: Partial<Document> }>>(
+      projDocsPage1,
+      projDocsPage2,
+    ),
   ),
 };
diff --git a/tsconfig.json b/tsconfig.json
index b1bc480b9..5d98af74a 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -3,7 +3,9 @@
   "compilerOptions": {
     "resolveJsonModule": true,
     "allowJs": true,
-    "downlevelIteration": true
+    "downlevelIteration": true,
+    "noUncheckedIndexedAccess": true,
+    "strictNullChecks": true
     // "types": ["@testing-library/jest-dom"]
   },
   "include": [
diff --git a/vite.config.js b/vite.config.js
index 2370762e0..d2d133e73 100644
--- a/vite.config.js
+++ b/vite.config.js
@@ -57,7 +57,7 @@ export default defineConfig({
     include: [
       "src/lib/**/*.{test,spec}.{js,ts}",
       "src/routes/**/*.{test,spec}.{js,ts}",
-      "src/api/pageSize.test.js",
+      "src/lib/utils/tests/pageSize.test.ts",
     ],
     exclude: [
       ...configDefaults.exclude,